From 5f2445af6d99c639725004b2f497bb8f9ab03588 Mon Sep 17 00:00:00 2001 
From: Shyam Radhakrishnan Date: Sat, 1 Apr 2023 08:55:37 +0530 Subject: [PATCH] Update test files and template form bump to v1beta2 (#233) * Update templates and test files to bump to v1beta2 api version --- Makefile | 38 +- api/v1beta1/ocicluster_conversion.go | 2 +- docs/src/gs/create-gpu-workload-cluster.md | 12 +- docs/src/gs/customize-worker-node.md | 14 +- ...ternally-managed-cluster-infrastructure.md | 44 +- docs/src/gs/multi-tenancy.md | 4 +- docs/src/managed/networking.md | 21 +- docs/src/networking/custom-networking.md | 191 +++--- docs/src/networking/private-cluster.md | 2 +- .../cluster-template-alternative-region.yaml | 12 +- templates/cluster-template-antrea.yaml | 437 ++++++------- templates/cluster-template-arm-free-tier.yaml | 12 +- ...luster-template-failure-domain-spread.yaml | 16 +- templates/cluster-template-healthcheck.yaml | 12 +- .../cluster-template-local-vcn-peering.yaml | 575 +++++++++--------- templates/cluster-template-machinepool.yaml | 12 +- .../cluster-template-managed-flannel.yaml | 391 ++++++------ .../cluster-template-managed-private.yaml | 567 ++++++++--------- templates/cluster-template-managed.yaml | 12 +- templates/cluster-template-oci-addons.yaml | 12 +- templates/cluster-template-oraclelinux.yaml | 12 +- .../cluster-template-remote-vcn-peering.yaml | 575 +++++++++--------- .../cluster-template-windows-calico.yaml | 543 ++++++++--------- templates/cluster-template.yaml | 12 +- templates/clusterclass-example.yaml | 24 +- test/e2e/config/e2e_conf.yaml | 46 +- .../{v1beta1 => }/bases/ccm.yaml | 0 .../{v1beta1 => }/bases/crs.yaml | 0 .../cluster-template-antrea/cluster.yaml | 217 ------- .../kustomization.yaml | 4 +- .../cluster.yaml | 312 ---------- .../cluster.yaml | 136 ----- .../cluster.yaml | 327 ---------- .../v1beta2/bases/cluster.yaml | 88 +++ .../infrastructure-oci/v1beta2/bases/md.yaml | 50 ++ .../cluster.yaml | 4 +- .../kustomization.yaml | 4 +- .../md.yaml | 2 +- .../cluster-template-antrea/cluster.yaml | 218 +++++++ 
.../cluster-template-antrea/crs.yaml | 0 .../kustomization.yaml | 2 +- .../cluster-template-bare-metal/cluster.yaml | 2 +- .../kustomization.yaml | 4 +- .../cluster-template-bare-metal/md.yaml | 2 +- .../cluster-template.yaml | 0 .../clusterclass-test-cluster-class.yaml | 24 +- .../kustomization.yaml | 0 .../cluster-identity.yaml | 2 +- .../cluster.yaml | 4 +- .../kustomization.yaml | 4 +- .../cluster.yaml | 2 +- .../kustomization.yaml | 4 +- .../cluster.yaml | 23 +- .../kustomization.yaml | 2 +- .../kustomization.yaml | 4 +- .../cluster-template-kcp-remediation/mhc.yaml | 0 .../cluster.yaml | 312 ++++++++++ .../kustomization.yaml | 2 +- .../kustomization.yaml | 2 +- .../machine-pool.yaml | 4 +- .../cluster-identity.yaml | 2 +- .../cluster.yaml | 10 +- .../kustomization.yaml | 0 .../machine-pool.yaml | 4 +- .../cluster-template-managed/cluster.yaml | 8 +- .../kustomization.yaml | 0 .../machine-pool.yaml | 8 +- .../kustomization.yaml | 4 +- .../cluster-template-md-remediation/md.yaml | 0 .../cluster-template-md-remediation/mhc.yaml | 0 .../cluster.yaml | 137 +++++ .../kustomization.yaml | 4 +- .../md.yaml | 8 +- .../cluster-template-node-drain/cluster.yaml | 0 .../kustomization.yaml | 4 +- .../cluster-template-node-drain/md.yaml | 0 .../cluster.yaml | 2 +- .../kustomization.yaml | 4 +- .../cluster-template-oracle-linux/md.yaml | 2 +- .../cluster.yaml | 327 ++++++++++ .../kustomization.yaml | 2 +- .../md.yaml | 2 +- .../kustomization.yaml | 4 +- .../cluster-template-windows-calico/md.yaml | 2 +- .../cluster-template/kustomization.yaml | 4 +- .../infrastructure-oci/v1beta2/metadata.yaml | 6 + 86 files changed, 3031 insertions(+), 2872 deletions(-) rename test/e2e/data/infrastructure-oci/{v1beta1 => }/bases/ccm.yaml (100%) rename test/e2e/data/infrastructure-oci/{v1beta1 => }/bases/crs.yaml (100%) delete mode 100644 test/e2e/data/infrastructure-oci/v1beta1/cluster-template-antrea/cluster.yaml delete mode 100644 
test/e2e/data/infrastructure-oci/v1beta1/cluster-template-local-vcn-peering/cluster.yaml delete mode 100644 test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/cluster.yaml delete mode 100644 test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/cluster.yaml create mode 100644 test/e2e/data/infrastructure-oci/v1beta2/bases/cluster.yaml create mode 100644 test/e2e/data/infrastructure-oci/v1beta2/bases/md.yaml rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-alternative-region/cluster.yaml (75%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-alternative-region/kustomization.yaml (68%) rename test/e2e/data/infrastructure-oci/{v1beta1/cluster-template-remote-vcn-peering => v1beta2/cluster-template-alternative-region}/md.yaml (73%) create mode 100644 test/e2e/data/infrastructure-oci/v1beta2/cluster-template-antrea/cluster.yaml rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-antrea/crs.yaml (100%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-antrea/kustomization.yaml (81%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-bare-metal/cluster.yaml (82%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-bare-metal/kustomization.yaml (68%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-bare-metal/md.yaml (81%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-cluster-class/cluster-template.yaml (100%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-cluster-class/clusterclass-test-cluster-class.yaml (88%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-cluster-class/kustomization.yaml (100%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-cluster-identity/cluster-identity.yaml (90%) rename 
test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-cluster-identity/cluster.yaml (62%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-cluster-identity/kustomization.yaml (71%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-custom-networking-seclist/cluster.yaml (98%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-custom-networking-seclist/kustomization.yaml (66%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-externally-managed-vcn/cluster.yaml (53%) rename test/e2e/data/infrastructure-oci/{v1beta1/cluster-template-local-vcn-peering => v1beta2/cluster-template-externally-managed-vcn}/kustomization.yaml (79%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-kcp-remediation/kustomization.yaml (57%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-kcp-remediation/mhc.yaml (100%) create mode 100644 test/e2e/data/infrastructure-oci/v1beta2/cluster-template-local-vcn-peering/cluster.yaml rename test/e2e/data/infrastructure-oci/{v1beta1/cluster-template-externally-managed-vcn => v1beta2/cluster-template-local-vcn-peering}/kustomization.yaml (79%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-machine-pool/kustomization.yaml (70%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-machine-pool/machine-pool.yaml (91%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-managed-cluster-identity/cluster-identity.yaml (89%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-managed-cluster-identity/cluster.yaml (75%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-managed-cluster-identity/kustomization.yaml (100%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-managed-cluster-identity/machine-pool.yaml (92%) 
rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-managed/cluster.yaml (77%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-managed/kustomization.yaml (100%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-managed/machine-pool.yaml (92%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-md-remediation/kustomization.yaml (67%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-md-remediation/md.yaml (100%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-md-remediation/mhc.yaml (100%) create mode 100644 test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/cluster.yaml rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-multiple-node-nsg/kustomization.yaml (69%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-multiple-node-nsg/md.yaml (87%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-node-drain/cluster.yaml (100%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-node-drain/kustomization.yaml (68%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-node-drain/md.yaml (100%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-oracle-linux/cluster.yaml (88%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-oracle-linux/kustomization.yaml (69%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-oracle-linux/md.yaml (88%) create mode 100644 test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/cluster.yaml rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-remote-vcn-peering/kustomization.yaml (81%) rename test/e2e/data/infrastructure-oci/{v1beta1/cluster-template-alternative-region => 
v1beta2/cluster-template-remote-vcn-peering}/md.yaml (73%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-windows-calico/kustomization.yaml (64%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template-windows-calico/md.yaml (96%) rename test/e2e/data/infrastructure-oci/{v1beta1 => v1beta2}/cluster-template/kustomization.yaml (52%) create mode 100644 test/e2e/data/infrastructure-oci/v1beta2/metadata.yaml diff --git a/Makefile b/Makefile index 2400aab0..c23bfa49 100644 --- a/Makefile +++ b/Makefile 
@@ -272,26 +272,26 @@ serve-book: build-book ## Build and serve the book with live-reloading enabled .PHONY: generate-e2e-templates ## Generate OCI infrastructure templates for e2e test suite. generate-e2e-templates: $(KUSTOMIZE) - $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template.yaml - $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-alternative-region --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-alternative-region.yaml - $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-bare-metal --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-bare-metal.yaml - $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-md-remediation --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-md-remediation.yaml - $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-kcp-remediation --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-kcp-remediation.yaml - $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-node-drain --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-node-drain.yaml - $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-antrea --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-antrea.yaml - $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-oracle-linux --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-oracle-linux.yaml - $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-custom-networking-seclist --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-custom-networking-seclist.yaml + $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template.yaml + $(KUSTOMIZE) build 
$(OCI_TEMPLATES)/v1beta2/cluster-template-alternative-region --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-alternative-region.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-bare-metal --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-bare-metal.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-md-remediation --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-md-remediation.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-kcp-remediation --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-kcp-remediation.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-node-drain --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-node-drain.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-antrea --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-antrea.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-oracle-linux --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-oracle-linux.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-custom-networking-seclist --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-custom-networking-seclist.yaml
 $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-custom-networking-nsg --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-custom-networking-nsg.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-multiple-node-nsg --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-multiple-node-nsg.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-cluster-class --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-cluster-class.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-local-vcn-peering --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-local-vcn-peering.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-remote-vcn-peering --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-remote-vcn-peering.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-externally-managed-vcn --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-externally-managed-vcn.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-machine-pool --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-machine-pool.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-managed --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-managed.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-managed-cluster-identity --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-managed-cluster-identity.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-cluster-identity --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-cluster-identity.yaml
- $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-windows-calico --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-windows-calico.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-multiple-node-nsg --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-multiple-node-nsg.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-cluster-class --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-cluster-class.yaml
+ $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-local-vcn-peering --load-restrictor LoadRestrictionsNone > 
$(OCI_TEMPLATES)/v1beta2/cluster-template-local-vcn-peering.yaml + $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-remote-vcn-peering --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-remote-vcn-peering.yaml + $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-externally-managed-vcn --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-externally-managed-vcn.yaml + $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-machine-pool --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-machine-pool.yaml + $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-managed --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-managed.yaml + $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-managed-cluster-identity --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-managed-cluster-identity.yaml + $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-cluster-identity --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-cluster-identity.yaml + $(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-windows-calico --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-windows-calico.yaml .PHONY: test-e2e-run test-e2e-run: generate-e2e-templates $(GINKGO) $(ENVSUBST) ## Run e2e tests diff --git a/api/v1beta1/ocicluster_conversion.go b/api/v1beta1/ocicluster_conversion.go index 1468dce0..d70ff0ec 100644 --- a/api/v1beta1/ocicluster_conversion.go +++ b/api/v1beta1/ocicluster_conversion.go 
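Review bot: The context line `$(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta1/cluster-template-custom-networking-nsg --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta1/cluster-template-custom-networking-nsg.yaml` is the only recipe line in generate-e2e-templates still pointing at v1beta1 after every sibling was moved to v1beta2, and the diffstat lists no v1beta1 → v1beta2 rename for that directory, so this reads as an oversight rather than a deliberate exception. If that kustomization was moved with the others the line should become `$(KUSTOMIZE) build $(OCI_TEMPLATES)/v1beta2/cluster-template-custom-networking-nsg --load-restrictor LoadRestrictionsNone > $(OCI_TEMPLATES)/v1beta2/cluster-template-custom-networking-nsg.yaml`; if it was not, the target keeps emitting a v1beta1 template (or fails outright if the directory no longer exists) that the v1beta2 e2e config presumably no longer consumes, and the build should say so explicitly. A one-line comment above the recipe would also help, e.g. `# LoadRestrictionsNone lets each kustomization read the shared ../../bases/ directory (moved up from v1beta1/); keep it confined to e2e template generation.` — the flag disables kustomize's default refusal to load files outside the kustomization root, and a reader should understand it is there for that relative reference and not a setting to copy into production overlays.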
@@ -22,7 +22,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/conversion" ) -// ConvertTo converts the v1beta1 AWSCluster receiver to a v1beta2 AWSCluster. +// ConvertTo converts the v1beta1 OCICluster receiver to a v1beta2 OCICluster. func (src *OCICluster) ConvertTo(dstRaw conversion.Hub) error { dst := dstRaw.(*v1beta2.OCICluster) diff --git a/docs/src/gs/create-gpu-workload-cluster.md b/docs/src/gs/create-gpu-workload-cluster.md index a465e98f..ffb945bd 100644 --- a/docs/src/gs/create-gpu-workload-cluster.md +++ b/docs/src/gs/create-gpu-workload-cluster.md @@ -199,7 +199,7 @@ spec: cidrBlocks: - ${SERVICE_CIDR:="10.128.0.0/12"} infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" @@ -209,7 +209,7 @@ spec: name: "${CLUSTER_NAME}-control-plane" namespace: "${NAMESPACE}" --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: labels: @@ -229,7 +229,7 @@ spec: machineTemplate: infrastructureRef: kind: OCIMachineTemplate - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 name: "${CLUSTER_NAME}-control-plane" namespace: "${NAMESPACE}" kubeadmConfigSpec: @@ -256,7 +256,7 @@ spec: provider-id: oci://{{ ds["id"] }} --- kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}-control-plane" spec: @@ -271,7 +271,7 @@ spec: ssh_authorized_keys: "${OCI_SSH_KEY}" isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate metadata: name: "${CLUSTER_NAME}-md" 
@@ -320,7 +320,7 @@ spec: kind: KubeadmConfigTemplate infrastructureRef: name: "${CLUSTER_NAME}-md" - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate # Cluster-API calls them Failure Domains while OCI calls them Availability Domains # In the example this would be targeting US-ASHBURN-AD-2 diff --git a/docs/src/gs/customize-worker-node.md b/docs/src/gs/customize-worker-node.md index 54d4a76a..284f5fd1 100644 --- a/docs/src/gs/customize-worker-node.md +++ b/docs/src/gs/customize-worker-node.md @@ -4,7 +4,7 @@ Use the following configuration in `OCIMachineTemplate` to use a [customer managed boot volume encryption key][customer_managed_keys]. ```yaml kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 spec: template: spec: @@ -19,7 +19,7 @@ for an enumeration of all the possible configurations. ```yaml kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 spec: template: spec: @@ -38,7 +38,7 @@ for an enumeration of all the possible configurations. ```yaml kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 spec: template: spec: @@ -52,7 +52,7 @@ Use the following configuration in `OCIMachineTemplate` to create [preemtible in ```yaml kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 spec: template: spec: @@ -66,7 +66,7 @@ Use the following configuration in `OCIMachineTemplate` to use [capacity reserva ```yaml kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 spec: template: spec: 
@@ -79,7 +79,7 @@ The example below enables Bastion plugin. ```yaml kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 spec: template: spec: @@ -98,7 +98,7 @@ The following values are supported for `baselineOcpuUtilization`. ```yaml kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 spec: template: spec: diff --git a/docs/src/gs/externally-managed-cluster-infrastructure.md b/docs/src/gs/externally-managed-cluster-infrastructure.md index c97e0d70..3b11d21b 100644 --- a/docs/src/gs/externally-managed-cluster-infrastructure.md +++ b/docs/src/gs/externally-managed-cluster-infrastructure.md @@ -13,7 +13,7 @@ API Server Load Balancer will be managed by CAPOCI. Example spec is given below ```yaml -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: name: "${CLUSTER_NAME}" @@ -23,16 +23,17 @@ spec: skipNetworkManagement: true vcn: id: - networkSecurityGroups: - - id: - role: control-plane-endpoint - name: control-plane-endpoint - - id: - role: worker - name: worker - - id: - role: control-plane - name: control-plane + networkSecurityGroup: + list: + - id: + role: control-plane-endpoint + name: control-plane-endpoint + - id: + role: worker + name: worker + - id: + role: control-plane + name: control-plane subnets: - id: role: control-plane-endpoint @@ -59,7 +60,7 @@ This is useful for scenarios where a different persona is managing the cluster i The following `OCICluster` Spec includes the mandatory fields to be specified for externally managed infrastructure to work properly. In this example neither the VCN nor the network load balancer will be managed by CAPOCI. ```yaml -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: labels: 
@@ -77,13 +78,14 @@ spec: loadBalancerId: vcn: id: - networkSecurityGroups: - - id: - name: - role: control-plane - - id: - name: - role: worker + networkSecurityGroup: + list: + - id: + name: + role: control-plane + - id: + name: + role: worker subnets: - id: role: control-plane @@ -115,7 +117,7 @@ curl -o -s -X PATCH -H "Accept: application/json, */*" \ --cacert ca.crt \ --cert client.crt \ --key client.key \ -https:///apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces//ociclusters//status \ +https:///apis/infrastructure.cluster.x-k8s.io/v1beta2/namespaces//ociclusters//status \ --data '{"status":{"ready":true,"failureDomains":{"1":{"attributes":{"AvailabilityDomain":"zkJl:AP-HYDERABAD-1-AD-1","FaultDomain":"FAULT-DOMAIN-1"},"controlPlane":true},"2":{"attributes":{"AvailabilityDomain":"zkJl:AP-HYDERABAD-1-AD-1","FaultDomain":"FAULT-DOMAIN-2"},"controlPlane":true},"3":{"attributes":{"AvailabilityDomain":"zkJl:AP-HYDERABAD-1-AD-1","FaultDomain":"FAULT-DOMAIN-3"}}}}}' ``` @@ -127,7 +129,7 @@ curl -o -s -X PATCH -H "Accept: application/json, */*" \ --cacert ca.crt \ --cert client.crt \ --key client.key \ -https:///apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces//ociclusters//status \ +https:///apis/infrastructure.cluster.x-k8s.io/v1beta2/namespaces//ociclusters//status \ --data '{"status":{"ready":true,"failureDomains":{"1":{"attributes":{"AvailabilityDomain":"zkJl:US-ASHBURN-1-AD-1"},"controlPlane":true},"2":{"attributes":{"AvailabilityDomain":"zkJl:US-ASHBURN-1-AD-2"},"controlPlane":true},"3":{"attributes":{"AvailabilityDomain":"zkJl:US-ASHBURN-1-AD-3"}}}}}' ``` diff --git a/docs/src/gs/multi-tenancy.md b/docs/src/gs/multi-tenancy.md index 31517f05..c38de365 100644 --- a/docs/src/gs/multi-tenancy.md +++ b/docs/src/gs/multi-tenancy.md @@ -44,7 +44,7 @@ spec: namespace: default allowedNamespaces: {} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: labels: 
@@ -53,7 +53,7 @@ metadata: spec: compartmentId: "${OCI_COMPARTMENT_ID}" identityRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIClusterIdentity name: cluster-identity namespace: default diff --git a/docs/src/managed/networking.md b/docs/src/managed/networking.md index 9b6cb720..d4861682 100644 --- a/docs/src/managed/networking.md +++ b/docs/src/managed/networking.md @@ -11,16 +11,17 @@ spec: skipNetworkManagement: true vcn: id: "" - networkSecurityGroups: - - id: "" - role: control-plane-endpoint - name: control-plane-endpoint - - id: "" - role: worker - name: worker - - id: "" - role: pod - name: pod + networkSecurityGroup: + list: + - id: "" + role: control-plane-endpoint + name: control-plane-endpoint + - id: "" + role: worker + name: worker + - id: "" + role: pod + name: pod subnets: - id: "" role: control-plane-endpoint diff --git a/docs/src/networking/custom-networking.md b/docs/src/networking/custom-networking.md index e1201678..f35fceb5 100644 --- a/docs/src/networking/custom-networking.md +++ b/docs/src/networking/custom-networking.md @@ -14,7 +14,7 @@ The `OCICluster` spec in the cluster templates can be modified to customize the The spec below shows how to change the CIDR range of the VCN from the default `10.0.0.0/16` to `172.16.0.0/16`. ```yaml -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: name: "${CLUSTER_NAME}" @@ -49,7 +49,7 @@ The spec below shows how to change the default NSG rules. ```yaml --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: name: "${CLUSTER_NAME}" 
@@ -59,98 +59,99 @@ spec: vcn: name: ${CLUSTER_NAME} cidr: "172.16.0.0/16" - networkSecurityGroups: - - name: ep-nsg - role: control-plane-endpoint - egressRules: - - egressRule: - isStateless: false - destination: "172.16.5.0/28" - protocol: "6" - destinationType: "CIDR_BLOCK" - description: "All traffic to control plane nodes" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - ingressRules: - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "External access to Kubernetes API endpoint" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - isStateless: false - source: "172.16.5.0/28" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Control plane worker nodes to API Server endpoint" - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "SSH access" - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - name: cp-mc-nsg - role: control-plane - egressRules: - - egressRule: - isStateless: false - destination: "0.0.0.0/0" - protocol: "6" - destinationType: "CIDR_BLOCK" - description: "control plane machine access to internet" - ingressRules: - - ingressRule: - isStateless: false - source: "172.16.0.0/16" - protocol: "all" - sourceType: "CIDR_BLOCK" - description: "Allow inter vcn communication" - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "SSH access" - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - name: worker-nsg - role: worker - egressRules: - - egressRule: - isStateless: false - destination: "0.0.0.0/0" - protocol: "6" - destinationType: "CIDR_BLOCK" - description: "Worker Nodes access to Internet" - ingressRules: - - ingressRule: - isStateless: false - source: "172.16.0.0/16" - protocol: "all" - sourceType: "CIDR_BLOCK" - description: "Allow inter vcn communication" - - name: service-lb-nsg - 
role: service-lb - ingressRules: - - ingressRule: - isStateless: false - source: "172.16.0.0/16" - protocol: "all" - sourceType: "CIDR_BLOCK" - description: "Allow ingress from vcn subnets" + networkSecurityGroup: + list: + - name: ep-nsg + role: control-plane-endpoint + egressRules: + - egressRule: + isStateless: false + destination: "172.16.5.0/28" + protocol: "6" + destinationType: "CIDR_BLOCK" + description: "All traffic to control plane nodes" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + ingressRules: + - ingressRule: + isStateless: false + source: "0.0.0.0/0" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "External access to Kubernetes API endpoint" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + isStateless: false + source: "172.16.5.0/28" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Control plane worker nodes to API Server endpoint" + - ingressRule: + isStateless: false + source: "0.0.0.0/0" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "SSH access" + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + - name: cp-mc-nsg + role: control-plane + egressRules: + - egressRule: + isStateless: false + destination: "0.0.0.0/0" + protocol: "6" + destinationType: "CIDR_BLOCK" + description: "control plane machine access to internet" + ingressRules: + - ingressRule: + isStateless: false + source: "172.16.0.0/16" + protocol: "all" + sourceType: "CIDR_BLOCK" + description: "Allow inter vcn communication" + - ingressRule: + isStateless: false + source: "0.0.0.0/0" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "SSH access" + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + - name: worker-nsg + role: worker + egressRules: + - egressRule: + isStateless: false + destination: "0.0.0.0/0" + protocol: "6" + destinationType: "CIDR_BLOCK" + description: "Worker Nodes access to Internet" + ingressRules: + - ingressRule: + isStateless: false + source: "172.16.0.0/16" 
+ protocol: "all" + sourceType: "CIDR_BLOCK" + description: "Allow inter vcn communication" + - name: service-lb-nsg + role: service-lb + ingressRules: + - ingressRule: + isStateless: false + source: "172.16.0.0/16" + protocol: "all" + sourceType: "CIDR_BLOCK" + description: "Allow ingress from vcn subnets" subnets: - name: ep-subnet role: control-plane-endpoint @@ -176,7 +177,7 @@ The spec below shows how to implement the security posture using security lists ```yaml --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: name: "${CLUSTER_NAME}" diff --git a/docs/src/networking/private-cluster.md b/docs/src/networking/private-cluster.md index 7354dc98..771bf2e4 100644 --- a/docs/src/networking/private-cluster.md +++ b/docs/src/networking/private-cluster.md @@ -10,7 +10,7 @@ and is accessible only within the VCN or peered VCNs. In order to use private cl endpoint subnet has to be marked as private. An example spec is given below. ```yaml -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: labels: diff --git a/templates/cluster-template-alternative-region.yaml b/templates/cluster-template-alternative-region.yaml index de87882e..9b469e04 100644 --- a/templates/cluster-template-alternative-region.yaml +++ b/templates/cluster-template-alternative-region.yaml @@ -15,7 +15,7 @@ spec: cidrBlocks: - ${SERVICE_CIDR:="10.128.0.0/12"} infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" @@ -25,7 +25,7 @@ spec: name: "${CLUSTER_NAME}-control-plane" namespace: "${NAMESPACE}" --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: labels: 
@@ -46,7 +46,7 @@ spec:
 machineTemplate:
 infrastructureRef:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 kubeadmConfigSpec:
@@ -73,7 +73,7 @@ spec:
 provider-id: oci://{{ ds["id"] }}
 ---
 kind: OCIMachineTemplate
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 metadata:
 name: "${CLUSTER_NAME}-control-plane"
 spec:
@@ -88,7 +88,7 @@ spec:
 ssh_authorized_keys: "${OCI_SSH_KEY}"
 isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-0"
@@ -137,5 +137,5 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md-0"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
\ No newline at end of file
diff --git a/templates/cluster-template-antrea.yaml b/templates/cluster-template-antrea.yaml
index 716f2c71..51ddca72 100644
--- a/templates/cluster-template-antrea.yaml
+++ b/templates/cluster-template-antrea.yaml
@@ -15,7 +15,7 @@ spec:
 cidrBlocks:
 - ${SERVICE_CIDR:="10.128.0.0/12"}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -35,218 +35,219 @@ spec: compartmentId: "${OCI_COMPARTMENT_ID}" networkSpec: vcn: - networkSecurityGroups: - - egressRules: - - egressRule: - description: Control Plane Nodes access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - ingressRules: - - ingressRule: - description: Kubernetes API endpoint to Kubernetes control plane node(apiserver - port) communication - isStateless: false - protocol: "6" - source: 10.0.0.8/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Control plane node to control plane node(apiserver port) - communication - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Worker Node to Kubernetes control plane node(apiserver port) - communication - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: etcd client communication - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2379 - min: 2379 - - ingressRule: - description: etcd peer - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2380 - min: 2380 - - ingressRule: - description: Antrea Service - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10349 - min: 10349 - - ingressRule: - description: Antrea Service - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10349 - min: 10349 - - ingressRule: - description: Geneve Service - isStateless: false - protocol: "17" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - 
udpOptions: - destinationPortRange: - max: 6081 - min: 6081 - - ingressRule: - description: Geneve Service - isStateless: false - protocol: "17" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - udpOptions: - destinationPortRange: - max: 6081 - min: 6081 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.0.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Inbound SSH traffic to control plane nodes - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - ingressRule: - description: Control Plane to Control Plane Kubelet Communication - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - name: control-plane - role: control-plane - - egressRules: - - egressRule: - description: Worker Nodes access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - ingressRules: - - ingressRule: - description: Inbound SSH traffic to worker nodes - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.0.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Control plane nodes to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Worker nodes to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Geneve Service - 
isStateless: false - protocol: "17" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - udpOptions: - destinationPortRange: - max: 6081 - min: 6081 - - ingressRule: - description: Geneve Service - isStateless: false - protocol: "17" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - udpOptions: - destinationPortRange: - max: 6081 - min: 6081 - - ingressRule: - description: Worker node to default NodePort ingress communication - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - name: worker - role: worker + networkSecurityGroup: + list: + - egressRules: + - egressRule: + description: Control Plane Nodes access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + ingressRules: + - ingressRule: + description: Kubernetes API endpoint to Kubernetes control plane node(apiserver + port) communication + isStateless: false + protocol: "6" + source: 10.0.0.8/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Control plane node to control plane node(apiserver port) + communication + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Worker Node to Kubernetes control plane node(apiserver port) + communication + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: etcd client communication + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 2379 + min: 2379 + - ingressRule: + description: etcd peer + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 2380 + min: 2380 + 
- ingressRule: + description: Antrea Service + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10349 + min: 10349 + - ingressRule: + description: Antrea Service + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10349 + min: 10349 + - ingressRule: + description: Geneve Service + isStateless: false + protocol: "17" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + udpOptions: + destinationPortRange: + max: 6081 + min: 6081 + - ingressRule: + description: Geneve Service + isStateless: false + protocol: "17" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + udpOptions: + destinationPortRange: + max: 6081 + min: 6081 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.0.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Inbound SSH traffic to control plane nodes + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + - ingressRule: + description: Control Plane to Control Plane Kubelet Communication + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + name: control-plane + role: control-plane + - egressRules: + - egressRule: + description: Worker Nodes access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + ingressRules: + - ingressRule: + description: Inbound SSH traffic to worker nodes + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.0.0.0/16 + sourceType: CIDR_BLOCK + 
- ingressRule: + description: Control plane nodes to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Worker nodes to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Geneve Service + isStateless: false + protocol: "17" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + udpOptions: + destinationPortRange: + max: 6081 + min: 6081 + - ingressRule: + description: Geneve Service + isStateless: false + protocol: "17" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + udpOptions: + destinationPortRange: + max: 6081 + min: 6081 + - ingressRule: + description: Worker node to default NodePort ingress communication + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + name: worker + role: worker --- kind: KubeadmControlPlane apiVersion: controlplane.cluster.x-k8s.io/v1beta1 @@ -259,7 +260,7 @@ spec: machineTemplate: infrastructureRef: kind: OCIMachineTemplate - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 name: "${CLUSTER_NAME}-control-plane" namespace: "${NAMESPACE}" kubeadmConfigSpec: @@ -286,7 +287,7 @@ spec: provider-id: oci://{{ ds["id"] }} --- kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}-control-plane" spec: 
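Review bot: The control-plane and worker NSGs in the new `networkSecurityGroup.list` keep an SSH ingress rule with `source: 0.0.0.0/0` on port 22 (`Inbound SSH traffic to control plane nodes`, `Inbound SSH traffic to worker nodes`), so every node created from this template accepts SSH from any address by default; the same rules are carried over unchanged in the cluster-template-local-vcn-peering.yaml hunk. Since the template already relies on clusterctl substitution (`${OCI_SSH_KEY}`, `${SERVICE_CIDR:=...}`), the source could be a variable with the current value as default, e.g. `source: ${SSH_SOURCE_CIDR:="0.0.0.0/0"}` (variable name constructed), so operators can narrow it without editing the template. Either way the open default deserves a comment next to the rule, e.g. `# open to 0.0.0.0/0 by default; restrict to the admin/bastion CIDR for non-test clusters`, and the `protocol: all` egress to `0.0.0.0/0` on both groups is worth a similar one-line statement that it is intentional.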
@@ -301,7 +302,7 @@ spec:
 ssh_authorized_keys: "${OCI_SSH_KEY}"
 isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-0"
@@ -350,5 +351,5 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md-0"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
\ No newline at end of file
diff --git a/templates/cluster-template-arm-free-tier.yaml b/templates/cluster-template-arm-free-tier.yaml
index ac082d50..db41b469 100644
--- a/templates/cluster-template-arm-free-tier.yaml
+++ b/templates/cluster-template-arm-free-tier.yaml
@@ -15,7 +15,7 @@ spec:
 cidrBlocks:
 - ${SERVICE_CIDR:="10.128.0.0/12"}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -61,7 +61,7 @@ spec:
 machineTemplate:
 infrastructureRef:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 kubeadmConfigSpec:
@@ -94,7 +94,7 @@ spec:
 provider-id: oci://{{ ds["id"] }}
 ---
 kind: OCIMachineTemplate
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 metadata:
 name: "${CLUSTER_NAME}-control-plane"
 spec:
@@ -111,7 +111,7 @@ spec:
 ssh_authorized_keys: "${OCI_SSH_KEY}"
 IsPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-0"
@@ -165,5 +165,5 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md-0"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
\ No newline at end of file
diff --git a/templates/cluster-template-failure-domain-spread.yaml b/templates/cluster-template-failure-domain-spread.yaml
index fe4974bc..386b4ac5 100644
--- a/templates/cluster-template-failure-domain-spread.yaml
+++ b/templates/cluster-template-failure-domain-spread.yaml
@@ -15,7 +15,7 @@ spec:
 cidrBlocks:
 - ${SERVICE_CIDR:="10.128.0.0/12"}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -45,7 +45,7 @@ spec:
 machineTemplate:
 infrastructureRef:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 kubeadmConfigSpec:
@@ -72,7 +72,7 @@ spec:
 provider-id: oci://{{ ds["id"] }}
 ---
 kind: OCIMachineTemplate
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 metadata:
 name: "${CLUSTER_NAME}-control-plane"
 spec:
@@ -87,7 +87,7 @@ spec:
 ssh_authorized_keys: "${OCI_SSH_KEY}"
 isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md"
@@ -136,7 +136,7 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 failureDomain: "1"
 ---
@@ -160,7 +160,7 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 failureDomain: "2"
 ---
@@ -184,6 +184,6 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 failureDomain: "3"
\ No newline at end of file
diff --git a/templates/cluster-template-healthcheck.yaml b/templates/cluster-template-healthcheck.yaml
index 41cd1c3d..1ddb0626 100644
--- a/templates/cluster-template-healthcheck.yaml
+++ b/templates/cluster-template-healthcheck.yaml
@@ -15,7 +15,7 @@ spec:
 cidrBlocks:
 - ${SERVICE_CIDR:="10.128.0.0/12"}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -48,7 +48,7 @@ spec:
 controlplane.remediation: ""
 infrastructureRef:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 kubeadmConfigSpec:
@@ -75,7 +75,7 @@ spec:
 provider-id: oci://{{ ds["id"] }}
 ---
 kind: OCIMachineTemplate
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 metadata:
 name: "${CLUSTER_NAME}-control-plane"
 # labels:
@@ -92,7 +92,7 @@ spec:
 ssh_authorized_keys: "${OCI_SSH_KEY}"
 isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-0"
@@ -148,7 +148,7 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md-0"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 ---
 apiVersion: cluster.x-k8s.io/v1beta1
diff --git a/templates/cluster-template-local-vcn-peering.yaml b/templates/cluster-template-local-vcn-peering.yaml
index d88e8286..bc0d08ac 100644
--- a/templates/cluster-template-local-vcn-peering.yaml
+++ b/templates/cluster-template-local-vcn-peering.yaml
@@ -15,7 +15,7 @@ spec:
 cidrBlocks:
 - ${SERVICE_CIDR:="10.128.0.0/12"}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -45,287 +45,288 @@ spec: - vcnCIDRRange: "10.0.0.0/16" vcn: cidr: "10.1.0.0/16" - networkSecurityGroups: - - egressRules: - - egressRule: - description: Kubernetes API traffic to Control Plane - destination: 10.1.0.0/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - ingressRules: - - ingressRule: - description: External access to Kubernetes API endpoint - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - name: control-plane-endpoint - role: control-plane-endpoint - - egressRules: - - egressRule: - description: Control Plane access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - ingressRules: - - ingressRule: - description: Kubernetes API endpoint to Control Plane(apiserver port) - communication - isStateless: false - protocol: "6" - source: 10.1.0.8/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Control plane node to Control Plane(apiserver port) communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Worker Node to Control Plane(apiserver port) communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: etcd client communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2379 - min: 2379 - - ingressRule: - description: etcd peer - isStateless: 
false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2380 - min: 2380 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Inbound SSH traffic to Control Plane - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - name: control-plane - role: control-plane - - egressRules: - - egressRule: - description: Worker node access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - id: C2F829 - ingressRules: - - ingressRule: - description: Inbound SSH traffic to worker node - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Control Plane to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: 
CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Worker node to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 11.0.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Worker node to default NodePort ingress communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - name: worker - role: worker - - egressRules: - - egressRule: - description: Service LoadBalancer to default NodePort egress communication - destination: 10.1.64.0/20 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - ingressRules: - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Accept http traffic on port 80 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 80 - min: 80 - - ingressRule: - description: Accept https traffic on port 
443 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 443 - min: 443 - name: service-lb - role: service-lb + networkSecurityGroup: + list: + - egressRules: + - egressRule: + description: Kubernetes API traffic to Control Plane + destination: 10.1.0.0/29 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + ingressRules: + - ingressRule: + description: External access to Kubernetes API endpoint + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + name: control-plane-endpoint + role: control-plane-endpoint + - egressRules: + - egressRule: + description: Control Plane access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + ingressRules: + - ingressRule: + description: Kubernetes API endpoint to Control Plane(apiserver port) + communication + isStateless: false + protocol: "6" + source: 10.1.0.8/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Control plane node to Control Plane(apiserver port) communication + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Worker Node to Control Plane(apiserver port) communication + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: etcd client communication + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + 
tcpOptions: + destinationPortRange: + max: 2379 + min: 2379 + - ingressRule: + description: etcd peer + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 2380 + min: 2380 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Inbound SSH traffic to Control Plane + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + name: control-plane + role: control-plane + - egressRules: + - egressRule: + description: Worker node access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + id: C2F829 + ingressRules: + - ingressRule: + description: Inbound SSH traffic to worker node + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Control Plane 
to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Worker node to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 11.0.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: Worker node to default NodePort ingress communication + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + name: worker + role: worker + - egressRules: + - egressRule: + description: Service LoadBalancer to default NodePort egress communication + destination: 10.1.64.0/20 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + ingressRules: + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Accept http traffic on port 80 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + 
tcpOptions: + destinationPortRange: + max: 80 + min: 80 + - ingressRule: + description: Accept https traffic on port 443 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 443 + min: 443 + name: service-lb + role: service-lb subnets: - cidr: 10.1.0.8/29 name: control-plane-endpoint @@ -355,7 +356,7 @@ spec: machineTemplate: infrastructureRef: kind: OCIMachineTemplate - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 name: "${CLUSTER_NAME}-control-plane" namespace: "${NAMESPACE}" kubeadmConfigSpec: @@ -382,7 +383,7 @@ spec: provider-id: oci://{{ ds["id"] }} --- kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}-control-plane" spec: @@ -398,7 +399,7 @@ spec: ssh_authorized_keys: "${OCI_SSH_KEY}" isPvEncryptionInTransitEnabled: ${OCI_PV_TRANSIT_ENCRYPTION=true} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate metadata: name: "${CLUSTER_NAME}-md-0" @@ -448,5 +449,5 @@ spec: kind: KubeadmConfigTemplate infrastructureRef: name: "${CLUSTER_NAME}-md-0" - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate \ No newline at end of file diff --git a/templates/cluster-template-machinepool.yaml b/templates/cluster-template-machinepool.yaml index e4d80976..4d107c7c 100644 --- a/templates/cluster-template-machinepool.yaml +++ b/templates/cluster-template-machinepool.yaml @@ -15,7 +15,7 @@ spec: cidrBlocks: - ${SERVICE_CIDR:="10.128.0.0/12"} infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" 
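Review bot: The worker NSG's second `Calico networking with IP-in-IP enabled` ingress rule is carried into the new `networkSecurityGroup.list` with `source: 11.0.64.0/20`, while the VCN in this hunk is `cidr: "10.1.0.0/16"` and every other worker-subnet rule uses `10.1.64.0/20`; this looks like a typo that admits protocol 4 from an unrelated address block and leaves worker-to-worker IP-in-IP traffic from the real worker subnet uncovered. Unless that block is deliberate, the line should read `source: 10.1.64.0/20`. The worker egress rule also carries a hard-coded `id: C2F829` that no other rule in the hunk has; if that field is meant to be assigned by the controller rather than the template, it should probably be dropped, and otherwise its purpose deserves a comment.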
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -45,7 +45,7 @@ spec:
 machineTemplate:
 infrastructureRef:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 kubeadmConfigSpec:
@@ -71,7 +71,7 @@ spec:
 cloud-provider: external
 provider-id: oci://{{ ds["id"] }}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-control-plane"
@@ -104,12 +104,12 @@ spec:
 name: ${CLUSTER_NAME}-mp-0
 clusterName: ${CLUSTER_NAME}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachinePool
 name: ${CLUSTER_NAME}-mp-0
 version: ${KUBERNETES_VERSION}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachinePool
 metadata:
 name: ${CLUSTER_NAME}-mp-0
diff --git a/templates/cluster-template-managed-flannel.yaml b/templates/cluster-template-managed-flannel.yaml
index fbf67156..bac4ff87 100644
--- a/templates/cluster-template-managed-flannel.yaml
+++ b/templates/cluster-template-managed-flannel.yaml
@@ -7,17 +7,17 @@ metadata:
 namespace: "${NAMESPACE}"
 spec:
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedCluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
 controlPlaneRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedControlPlane
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedCluster
 metadata:
 labels:
@@ -30,195 +30,196 @@ spec: name: "" vcn: cidr: 10.0.0.0/16 - networkSecurityGroups: - - egressRules: - - egressRule: - description: Allow Kubernetes API endpoint to communicate with OKE. - destination: all-iad-services-in-oracle-services-network - destinationType: SERVICE_CIDR_BLOCK - isStateless: false - protocol: "6" - - egressRule: - description: Path Discovery. - destination: all-iad-services-in-oracle-services-network - destinationType: SERVICE_CIDR_BLOCK - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - - egressRule: - description: Allow Kubernetes API endpoint to communicate with worker - nodes. - destination: 10.0.64.0/20 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - egressRule: - description: Path Discovery. - destination: 10.0.64.0/20 - destinationType: CIDR_BLOCK - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - ingressRules: - - ingressRule: - description: Kubernetes worker to Kubernetes API endpoint communication. - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Kubernetes worker to Kubernetes API endpoint communication. - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 12250 - min: 12250 - - ingressRule: - description: Path Discovery. - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: External access to Kubernetes API endpoint. 
- isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - name: control-plane-endpoint - role: control-plane-endpoint - - egressRules: - - egressRule: - description: Allow pods on one worker node to communicate with pods on other worker nodes. - destination: "10.0.64.0/20" - destinationType: CIDR_BLOCK - isStateless: false - protocol: "all" - - egressRule: - description: Allow worker nodes to communicate with OKE. - destination: all-iad-services-in-oracle-services-network - destinationType: SERVICE_CIDR_BLOCK - isStateless: false - protocol: "6" - - egressRule: - description: Path Discovery. - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - - egressRule: - description: Kubernetes worker to Kubernetes API endpoint communication. - destination: 10.0.0.8/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - egressRule: - description: Kubernetes worker to Kubernetes API endpoint communication. - destination: 10.0.0.8/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 12250 - min: 12250 - ingressRules: - - ingressRule: - description: Allow pods on one worker node to communicate with pods on other worker nodes. - isStateless: false - protocol: "all" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Allow Kubernetes API endpoint to communicate with worker nodes. - isStateless: false - protocol: "6" - source: 10.0.0.8/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Path Discovery. - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - - ingressRule: - description: Load Balancer to Worker nodes node ports. 
- isStateless: false - protocol: "6" - source: 10.0.0.32/27 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - name: worker - role: worker - - egressRules: - - egressRule: - description: Load Balancer to Worker nodes node ports. - destination: 10.0.64.0/20 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - ingressRules: - - ingressRule: - description: Accept http traffic on port 80 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 80 - min: 80 - - ingressRule: - description: Accept https traffic on port 443 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 443 - min: 443 - name: service-lb - role: service-lb + networkSecurityGroup: + list: + - egressRules: + - egressRule: + description: Allow Kubernetes API endpoint to communicate with OKE. + destination: all-iad-services-in-oracle-services-network + destinationType: SERVICE_CIDR_BLOCK + isStateless: false + protocol: "6" + - egressRule: + description: Path Discovery. + destination: all-iad-services-in-oracle-services-network + destinationType: SERVICE_CIDR_BLOCK + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + - egressRule: + description: Allow Kubernetes API endpoint to communicate with worker + nodes. + destination: 10.0.64.0/20 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - egressRule: + description: Path Discovery. + destination: 10.0.64.0/20 + destinationType: CIDR_BLOCK + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + ingressRules: + - ingressRule: + description: Kubernetes worker to Kubernetes API endpoint communication. 
+ isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Kubernetes worker to Kubernetes API endpoint communication. + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 12250 + min: 12250 + - ingressRule: + description: Path Discovery. + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: External access to Kubernetes API endpoint. + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + name: control-plane-endpoint + role: control-plane-endpoint + - egressRules: + - egressRule: + description: Allow pods on one worker node to communicate with pods on other worker nodes. + destination: "10.0.64.0/20" + destinationType: CIDR_BLOCK + isStateless: false + protocol: "all" + - egressRule: + description: Allow worker nodes to communicate with OKE. + destination: all-iad-services-in-oracle-services-network + destinationType: SERVICE_CIDR_BLOCK + isStateless: false + protocol: "6" + - egressRule: + description: Path Discovery. + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + - egressRule: + description: Kubernetes worker to Kubernetes API endpoint communication. + destination: 10.0.0.8/29 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - egressRule: + description: Kubernetes worker to Kubernetes API endpoint communication. 
+ destination: 10.0.0.8/29 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 12250 + min: 12250 + ingressRules: + - ingressRule: + description: Allow pods on one worker node to communicate with pods on other worker nodes. + isStateless: false + protocol: "all" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: Allow Kubernetes API endpoint to communicate with worker nodes. + isStateless: false + protocol: "6" + source: 10.0.0.8/29 + sourceType: CIDR_BLOCK + - ingressRule: + description: Path Discovery. + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + - ingressRule: + description: Load Balancer to Worker nodes node ports. + isStateless: false + protocol: "6" + source: 10.0.0.32/27 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + name: worker + role: worker + - egressRules: + - egressRule: + description: Load Balancer to Worker nodes node ports. + destination: 10.0.64.0/20 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + ingressRules: + - ingressRule: + description: Accept http traffic on port 80 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 80 + min: 80 + - ingressRule: + description: Accept https traffic on port 443 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 443 + min: 443 + name: service-lb + role: service-lb subnets: - cidr: 10.0.0.8/29 name: control-plane-endpoint @@ -234,7 +235,7 @@ spec: type: private --- kind: OCIManagedControlPlane -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" 
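Review bot: The three `SERVICE_CIDR_BLOCK` egress rules re-added on the new side — `Allow Kubernetes API endpoint to communicate with OKE.` and the service-network `Path Discovery.` rule on the control-plane-endpoint NSG, and `Allow worker nodes to communicate with OKE.` on the worker NSG — hard-code `destination: all-iad-services-in-oracle-services-network`, which names the Ashburn (IAD) service network only, so a cluster created from this template in another region would presumably fail to resolve the destination and lose control-plane and worker egress to OKE. The managed-private template in this same commit leaves `destination` unset on its `SERVICE_CIDR_BLOCK` rules, which suggests the provider fills in the regional service CIDR when it is omitted — worth confirming against the controller. Dropping the three `destination:` lines here, matching the sibling template, would make this template region-independent.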
@@ -257,12 +258,12 @@ spec:
 bootstrap:
 dataSecretName: ""
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedMachinePool
 name: ${CLUSTER_NAME}-mp-0
 version: ${KUBERNETES_VERSION}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedMachinePool
 metadata:
 name: ${CLUSTER_NAME}-mp-0
diff --git a/templates/cluster-template-managed-private.yaml b/templates/cluster-template-managed-private.yaml
index 605baa53..ba3e1db9 100644
--- a/templates/cluster-template-managed-private.yaml
+++ b/templates/cluster-template-managed-private.yaml
@@ -7,17 +7,17 @@ metadata:
 namespace: "${NAMESPACE}"
 spec:
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedCluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
 controlPlaneRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedControlPlane
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedCluster
 metadata:
 labels:
@@ -45,286 +45,287 @@ spec: name: pod role: pod type: private - networkSecurityGroups: - - egressRules: - - egressRule: - description: Allow Kubernetes API endpoint to communicate with OKE. - destinationType: SERVICE_CIDR_BLOCK - isStateless: false - protocol: "6" - - egressRule: - description: Path Discovery. - destinationType: SERVICE_CIDR_BLOCK - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - - egressRule: - description: Allow Kubernetes API endpoint to communicate with worker - nodes. - destination: 10.0.64.0/20 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - egressRule: - description: Path Discovery. - destination: 10.0.64.0/20 - destinationType: CIDR_BLOCK - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - - egressRule: - description: Allow Kubernetes API endpoint to communicate with pods (when - using VCN-native pod networking). - destination: 10.0.128.0/18 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - ingressRules: - - ingressRule: - description: Kubernetes worker to Kubernetes API endpoint communication. - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Kubernetes worker to Kubernetes API endpoint communication. - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 12250 - min: 12250 - - ingressRule: - description: Path Discovery. - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Pod to Kubernetes API endpoint communication (when using - VCN-native pod networking). 
- isStateless: false - protocol: "6" - source: 10.0.128.0/18 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Pod to Kubernetes API endpoint communication (when using - VCN-native pod networking). - isStateless: false - protocol: "6" - source: 10.0.128.0/18 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 12250 - min: 12250 - - ingressRule: - description: External access to Kubernetes API endpoint. - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - name: control-plane-endpoint - role: control-plane-endpoint - - egressRules: - - egressRule: - description: Allow worker nodes to communicate with OKE. - destinationType: SERVICE_CIDR_BLOCK - isStateless: false - protocol: "6" - - egressRule: - description: Allow worker nodes to access pods. - destination: 10.0.128.0/18 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - - egressRule: - description: Path Discovery. - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - - egressRule: - description: Kubernetes worker to Kubernetes API endpoint communication. - destination: 10.0.0.8/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - egressRule: - description: Kubernetes worker to Kubernetes API endpoint communication. - destination: 10.0.0.8/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 12250 - min: 12250 - ingressRules: - - ingressRule: - description: Allow Kubernetes API endpoint to communicate with worker - nodes. 
- isStateless: false - protocol: "6" - source: 10.0.0.8/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Path Discovery. - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - - ingressRule: - description: Load Balancer to Worker nodes node ports. - isStateless: false - protocol: "6" - source: 10.0.0.32/27 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - name: worker - role: worker - - egressRules: - - egressRule: - description: Load Balancer to Worker nodes node ports. - destination: 10.0.64.0/20 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - ingressRules: - - ingressRule: - description: Accept http traffic on port 80 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 80 - min: 80 - - ingressRule: - description: Accept https traffic on port 443 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 443 - min: 443 - name: service-lb - role: service-lb - - egressRules: - - egressRule: - description: Allow worker nodes to communicate with OCI Services. - destinationType: SERVICE_CIDR_BLOCK - isStateless: false - protocol: "6" - - egressRule: - description: Path Discovery. - destinationType: SERVICE_CIDR_BLOCK - icmpOptions: - code: 4 - type: 3 - isStateless: false - protocol: "1" - - egressRule: - description: Allow pods to communicate with other pods. - destination: 10.0.128.0/18 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - - egressRule: - description: Pod to Kubernetes API endpoint communication (when using - VCN-native pod networking). 
- destination: 10.0.0.8/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - egressRule: - description: Pod to Kubernetes API endpoint communication (when using - VCN-native pod networking). - destination: 10.0.0.8/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 12250 - min: 12250 - ingressRules: - - ingressRule: - description: Allow worker nodes to access pods. - isStateless: false - protocol: all - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Allow Kubernetes API endpoint to communicate with pods. - isStateless: false - protocol: all - source: 10.0.0.8/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Allow pods to communicate with other pods. - isStateless: false - protocol: all - source: 10.0.128.0/18 - sourceType: CIDR_BLOCK - name: pod - role: pod + networkSecurityGroup: + list: + - egressRules: + - egressRule: + description: Allow Kubernetes API endpoint to communicate with OKE. + destinationType: SERVICE_CIDR_BLOCK + isStateless: false + protocol: "6" + - egressRule: + description: Path Discovery. + destinationType: SERVICE_CIDR_BLOCK + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + - egressRule: + description: Allow Kubernetes API endpoint to communicate with worker + nodes. + destination: 10.0.64.0/20 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - egressRule: + description: Path Discovery. + destination: 10.0.64.0/20 + destinationType: CIDR_BLOCK + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + - egressRule: + description: Allow Kubernetes API endpoint to communicate with pods (when + using VCN-native pod networking). 
+ destination: 10.0.128.0/18 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + ingressRules: + - ingressRule: + description: Kubernetes worker to Kubernetes API endpoint communication. + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Kubernetes worker to Kubernetes API endpoint communication. + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 12250 + min: 12250 + - ingressRule: + description: Path Discovery. + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: Pod to Kubernetes API endpoint communication (when using + VCN-native pod networking). + isStateless: false + protocol: "6" + source: 10.0.128.0/18 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Pod to Kubernetes API endpoint communication (when using + VCN-native pod networking). + isStateless: false + protocol: "6" + source: 10.0.128.0/18 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 12250 + min: 12250 + - ingressRule: + description: External access to Kubernetes API endpoint. + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + name: control-plane-endpoint + role: control-plane-endpoint + - egressRules: + - egressRule: + description: Allow worker nodes to communicate with OKE. + destinationType: SERVICE_CIDR_BLOCK + isStateless: false + protocol: "6" + - egressRule: + description: Allow worker nodes to access pods. + destination: 10.0.128.0/18 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + - egressRule: + description: Path Discovery. 
+ destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + - egressRule: + description: Kubernetes worker to Kubernetes API endpoint communication. + destination: 10.0.0.8/29 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - egressRule: + description: Kubernetes worker to Kubernetes API endpoint communication. + destination: 10.0.0.8/29 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 12250 + min: 12250 + ingressRules: + - ingressRule: + description: Allow Kubernetes API endpoint to communicate with worker + nodes. + isStateless: false + protocol: "6" + source: 10.0.0.8/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Path Discovery. + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + - ingressRule: + description: Load Balancer to Worker nodes node ports. + isStateless: false + protocol: "6" + source: 10.0.0.32/27 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + name: worker + role: worker + - egressRules: + - egressRule: + description: Load Balancer to Worker nodes node ports. 
+ destination: 10.0.64.0/20 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + ingressRules: + - ingressRule: + description: Accept http traffic on port 80 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 80 + min: 80 + - ingressRule: + description: Accept https traffic on port 443 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 443 + min: 443 + name: service-lb + role: service-lb + - egressRules: + - egressRule: + description: Allow worker nodes to communicate with OCI Services. + destinationType: SERVICE_CIDR_BLOCK + isStateless: false + protocol: "6" + - egressRule: + description: Path Discovery. + destinationType: SERVICE_CIDR_BLOCK + icmpOptions: + code: 4 + type: 3 + isStateless: false + protocol: "1" + - egressRule: + description: Allow pods to communicate with other pods. + destination: 10.0.128.0/18 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + - egressRule: + description: Pod to Kubernetes API endpoint communication (when using + VCN-native pod networking). + destination: 10.0.0.8/29 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - egressRule: + description: Pod to Kubernetes API endpoint communication (when using + VCN-native pod networking). + destination: 10.0.0.8/29 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 12250 + min: 12250 + ingressRules: + - ingressRule: + description: Allow worker nodes to access pods. + isStateless: false + protocol: all + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: Allow Kubernetes API endpoint to communicate with pods. 
+ isStateless: false + protocol: all + source: 10.0.0.8/29 + sourceType: CIDR_BLOCK + - ingressRule: + description: Allow pods to communicate with other pods. + isStateless: false + protocol: all + source: 10.0.128.0/18 + sourceType: CIDR_BLOCK + name: pod + role: pod --- kind: OCIManagedControlPlane -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" @@ -347,12 +348,12 @@ spec: bootstrap: dataSecretName: "" infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedMachinePool name: ${CLUSTER_NAME}-mp-0 version: ${KUBERNETES_VERSION} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedMachinePool metadata: name: ${CLUSTER_NAME}-mp-0 diff --git a/templates/cluster-template-managed.yaml b/templates/cluster-template-managed.yaml index 61b50f24..1c2ad8fe 100644 --- a/templates/cluster-template-managed.yaml +++ b/templates/cluster-template-managed.yaml @@ -7,17 +7,17 @@ metadata: namespace: "${NAMESPACE}" spec: infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedCluster name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" controlPlaneRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedControlPlane name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedCluster metadata: labels: 
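Review bot: The `External access to Kubernetes API endpoint.` ingress rule re-added on the control-plane-endpoint NSG keeps `source: 0.0.0.0/0` for TCP 6443, although this is the private variant of the managed template (the pod subnet in the context above is `type: private`, and the endpoint subnet is presumably private too — its definition is above this hunk). Reachability is bounded by the private subnet, so the practical exposure is limited, but a source scoped to the VCN would state the intended reach and would not silently become a world-open rule if the endpoint is later made public. The VCN CIDR is not visible in this hunk (the flannel sibling uses `10.0.0.0/16`, and every subnet here sits in that range); suggest `source: 10.0.0.0/16` with the description reworded to `VCN access to Kubernetes API endpoint.`, after confirming the value against this file's `vcn:` block.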
@@ -27,7 +27,7 @@ spec:
 compartmentId: "${OCI_COMPARTMENT_ID}"
 ---
 kind: OCIManagedControlPlane
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 metadata:
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -50,12 +50,12 @@ spec:
 bootstrap:
 dataSecretName: ""
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedMachinePool
 name: ${CLUSTER_NAME}-mp-0
 version: ${KUBERNETES_VERSION}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIManagedMachinePool
 metadata:
 name: ${CLUSTER_NAME}-mp-0
diff --git a/templates/cluster-template-oci-addons.yaml b/templates/cluster-template-oci-addons.yaml
index 8ac1dee0..8318e549 100644
--- a/templates/cluster-template-oci-addons.yaml
+++ b/templates/cluster-template-oci-addons.yaml
@@ -15,7 +15,7 @@ spec:
 cidrBlocks:
 - ${SERVICE_CIDR:="10.128.0.0/12"}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -45,7 +45,7 @@ spec:
 machineTemplate:
 infrastructureRef:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 kubeadmConfigSpec:
@@ -72,7 +72,7 @@ spec:
 provider-id: oci://{{ ds["id"] }}
 ---
 kind: OCIMachineTemplate
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 metadata:
 name: "${CLUSTER_NAME}-control-plane"
 spec:
@@ -87,7 +87,7 @@ spec:
 ssh_authorized_keys: "${OCI_SSH_KEY}"
 isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-0"
@@ -136,7 +136,7 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md-0"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 ---
 apiVersion: addons.cluster.x-k8s.io/v1beta1
diff --git a/templates/cluster-template-oraclelinux.yaml b/templates/cluster-template-oraclelinux.yaml
index bc7eb427..e7b58b28 100644
--- a/templates/cluster-template-oraclelinux.yaml
+++ b/templates/cluster-template-oraclelinux.yaml
@@ -15,7 +15,7 @@ spec:
 cidrBlocks:
 - ${SERVICE_CIDR:="10.128.0.0/12"}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -45,7 +45,7 @@ spec:
 machineTemplate:
 infrastructureRef:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 kubeadmConfigSpec:
@@ -75,7 +75,7 @@ spec:
 - swapoff -a
 ---
 kind: OCIMachineTemplate
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 metadata:
 name: "${CLUSTER_NAME}-control-plane"
 spec:
@@ -90,7 +90,7 @@ spec:
 ssh_authorized_keys: "${OCI_SSH_KEY}"
 isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-0"
@@ -142,6 +142,6 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md-0"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
diff --git a/templates/cluster-template-remote-vcn-peering.yaml b/templates/cluster-template-remote-vcn-peering.yaml
index eebfff71..43c44bd6 100644
--- a/templates/cluster-template-remote-vcn-peering.yaml
+++ b/templates/cluster-template-remote-vcn-peering.yaml
@@ -15,7 +15,7 @@ spec:
 cidrBlocks:
 - ${SERVICE_CIDR:="10.128.0.0/12"}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -49,287 +49,288 @@ spec: peerRegionName: "${PEER_REGION_NAME}" vcn: cidr: "10.1.0.0/16" - networkSecurityGroups: - - egressRules: - - egressRule: - description: Kubernetes API traffic to Control Plane - destination: 10.1.0.0/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - ingressRules: - - ingressRule: - description: External access to Kubernetes API endpoint - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - name: control-plane-endpoint - role: control-plane-endpoint - - egressRules: - - egressRule: - description: Control Plane access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - ingressRules: - - ingressRule: - description: Kubernetes API endpoint to Control Plane(apiserver port) - communication - isStateless: false - protocol: "6" - source: 10.1.0.8/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Control plane node to Control Plane(apiserver port) communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Worker Node to Control Plane(apiserver port) communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: etcd client communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2379 - min: 2379 - - ingressRule: - description: etcd peer - 
isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2380 - min: 2380 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Inbound SSH traffic to Control Plane - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - name: control-plane - role: control-plane - - egressRules: - - egressRule: - description: Worker node access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - id: C2F829 - ingressRules: - - ingressRule: - description: Inbound SSH traffic to worker node - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Control Plane to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - 
sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Worker node to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 11.0.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Worker node to default NodePort ingress communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - name: worker - role: worker - - egressRules: - - egressRule: - description: Service LoadBalancer to default NodePort egress communication - destination: 10.1.64.0/20 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - ingressRules: - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Accept http traffic on port 80 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 80 - min: 80 - - ingressRule: - description: Accept https 
traffic on port 443 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 443 - min: 443 - name: service-lb - role: service-lb + networkSecurityGroup: + list: + - egressRules: + - egressRule: + description: Kubernetes API traffic to Control Plane + destination: 10.1.0.0/29 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + ingressRules: + - ingressRule: + description: External access to Kubernetes API endpoint + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + name: control-plane-endpoint + role: control-plane-endpoint + - egressRules: + - egressRule: + description: Control Plane access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + ingressRules: + - ingressRule: + description: Kubernetes API endpoint to Control Plane(apiserver port) + communication + isStateless: false + protocol: "6" + source: 10.1.0.8/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Control plane node to Control Plane(apiserver port) communication + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Worker Node to Control Plane(apiserver port) communication + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: etcd client communication + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: 
CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 2379 + min: 2379 + - ingressRule: + description: etcd peer + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 2380 + min: 2380 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Inbound SSH traffic to Control Plane + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + name: control-plane + role: control-plane + - egressRules: + - egressRule: + description: Worker node access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + id: C2F829 + ingressRules: + - ingressRule: + description: Inbound SSH traffic to worker node + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: 
Control Plane to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Worker node to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 11.0.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: Worker node to default NodePort ingress communication + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + name: worker + role: worker + - egressRules: + - egressRule: + description: Service LoadBalancer to default NodePort egress communication + destination: 10.1.64.0/20 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + ingressRules: + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Accept http traffic on port 80 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: 
CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 80 + min: 80 + - ingressRule: + description: Accept https traffic on port 443 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 443 + min: 443 + name: service-lb + role: service-lb subnets: - cidr: 10.1.0.8/29 name: control-plane-endpoint @@ -359,7 +360,7 @@ spec: machineTemplate: infrastructureRef: kind: OCIMachineTemplate - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 name: "${CLUSTER_NAME}-control-plane" namespace: "${NAMESPACE}" kubeadmConfigSpec: @@ -386,7 +387,7 @@ spec: provider-id: oci://{{ ds["id"] }} --- kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}-control-plane" spec: @@ -402,7 +403,7 @@ spec: ssh_authorized_keys: "${OCI_SSH_KEY}" isPvEncryptionInTransitEnabled: ${OCI_PV_TRANSIT_ENCRYPTION=true} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate metadata: name: "${CLUSTER_NAME}-md-0" @@ -452,5 +453,5 @@ spec: kind: KubeadmConfigTemplate infrastructureRef: name: "${CLUSTER_NAME}-md-0" - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate \ No newline at end of file diff --git a/templates/cluster-template-windows-calico.yaml b/templates/cluster-template-windows-calico.yaml index b7b5e24b..7f00dd23 100644 --- a/templates/cluster-template-windows-calico.yaml +++ b/templates/cluster-template-windows-calico.yaml @@ -18,7 +18,7 @@ spec: cidrBlocks: - ${SERVICE_CIDR:="10.128.0.0/12"} infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" 
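Review bot: The worker NSG's second "Calico networking with IP-in-IP enabled" ingress rule on the new side keeps `source: 11.0.64.0/20`, a range outside this template's VCN (`10.1.0.0/16`), while every sibling worker-traffic rule uses `10.1.64.0/20`, so this reads as a carried-over typo rather than an intended peer range. As written it permits protocol 4 from an unrelated prefix and does not permit worker-to-worker IP-in-IP from the actual worker subnet; the line should be `source: 10.1.64.0/20`. The same worker NSG also carries `id: C2F829`, which no other NSG in the hunk has; if that is a stray value rather than a deliberate reference to an existing group it should be dropped, since an explicit id presumably makes the provider adopt rather than create the group. Separately, both the control-plane and worker NSGs here (and the corresponding NSGs in the windows-calico hunk of this same commit) accept SSH on port 22 from `0.0.0.0/0`; for a published template it would be worth making the SSH source CIDR an operator-supplied variable rather than world-open by default.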
@@ -28,7 +28,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -40,271 +40,272 @@ spec: vcn: name: ${CLUSTER_NAME} cidr: "10.0.0.0/16" - networkSecurityGroups: - - name: control-plane-endpoint - role: control-plane-endpoint - egressRules: - - egressRule: - isStateless: false - destination: "10.0.0.0/29" - protocol: "6" - destinationType: "CIDR_BLOCK" - description: "Kubernetes API traffic to Control Plane" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - ingressRules: - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "External access to Kubernetes API endpoint" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - isStateless: false - source: "10.0.0.0/16" - protocol: "1" - sourceType: "CIDR_BLOCK" - description: "Path discovery" - icmpOptions: - code: 4 - type: 3 - - name: control-plane - role: control-plane - egressRules: - - egressRule: - isStateless: false - destination: "0.0.0.0/0" - protocol: "all" - destinationType: "CIDR_BLOCK" - description: "Control Plane access to Internet" - ingressRules: - - ingressRule: - isStateless: false - source: "10.0.0.8/29" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Kubernetes API endpoint to Control Plane(apiserver port)" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - isStateless: false - source: "10.0.0.0/29" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Control plane node to Control Plane(apiserver port) communication" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - isStateless: false - source: "10.0.64.0/20" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Worker Node to Control Plane(apiserver port) communication" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - isStateless: false - source: "10.0.0.0/29" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "etcd client communication" - tcpOptions: - destinationPortRange: - max: 2379 
- min: 2379 - - ingressRule: - isStateless: false - source: "10.0.0.0/29" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "etcd peer" - tcpOptions: - destinationPortRange: - max: 2380 - min: 2380 - - ingressRule: - isStateless: false - source: "10.0.0.0/16" - protocol: "1" - sourceType: "CIDR_BLOCK" - description: "Path discovery" - icmpOptions: - code: 4 - type: 3 - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Inbound SSH traffic to Control Plane" - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - ingressRule: - isStateless: false - source: "10.0.0.0/29" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Control Plane to Control Plane Kubelet Communication" - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - isStateless: false - source: "10.0.64.0/20" - protocol: "17" - sourceType: "CIDR_BLOCK" - description: "Calico VXLAN" - udpOptions: - destinationPortRange: - max: 4789 - min: 4789 - - ingressRule: - isStateless: false - source: "10.0.0.0/29" - protocol: "17" - sourceType: "CIDR_BLOCK" - description: "Calico VXLAN" - udpOptions: - destinationPortRange: - max: 4789 - min: 4789 - - name: worker - role: worker - egressRules: - - egressRule: - isStateless: false - destination: "0.0.0.0/0" - protocol: "all" - destinationType: "CIDR_BLOCK" - description: "Worker node access to Internet" - ingressRules: - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Inbound SSH traffic to worker node" - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - ingressRule: - isStateless: false - source: "10.0.0.0/16" - protocol: "1" - sourceType: "CIDR_BLOCK" - description: "Path discovery" - icmpOptions: - code: 4 - type: 3 - - ingressRule: - isStateless: false - source: "10.0.0.0/29" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Control Plane to worker node Kubelet 
Communication" - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - isStateless: false - source: "10.0.64.0/20" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Worker node to worker node Kubelet Communication" - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - isStateless: false - source: "10.0.64.0/20" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Worker node to default NodePort ingress communication" - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - - ingressRule: - isStateless: false - source: "10.0.64.0/20" - protocol: "17" - sourceType: "CIDR_BLOCK" - description: "Calico VXLAN" - udpOptions: - destinationPortRange: - max: 4789 - min: 4789 - - ingressRule: - isStateless: false - source: "10.0.0.0/29" - protocol: "17" - sourceType: "CIDR_BLOCK" - description: "Calico VXLAN" - udpOptions: - destinationPortRange: - max: 4789 - min: 4789 - - name: service-lb - role: service-lb - egressRules: - - egressRule: - isStateless: false - destination: "10.0.64.0/20" - protocol: "6" - destinationType: "CIDR_BLOCK" - description: "Service LoadBalancer to default NodePort egress communication" - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - ingressRules: - - ingressRule: - isStateless: false - source: "10.0.0.0/16" - protocol: "1" - sourceType: "CIDR_BLOCK" - description: "Path discovery" - icmpOptions: - code: 4 - type: 3 - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Accept http traffic on port 80" - tcpOptions: - destinationPortRange: - max: 80 - min: 80 - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Accept http traffic on port 443" - tcpOptions: - destinationPortRange: - max: 443 - min: 443 + networkSecurityGroup: + list: + - name: control-plane-endpoint + role: control-plane-endpoint + egressRules: + - 
egressRule: + isStateless: false + destination: "10.0.0.0/29" + protocol: "6" + destinationType: "CIDR_BLOCK" + description: "Kubernetes API traffic to Control Plane" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + ingressRules: + - ingressRule: + isStateless: false + source: "0.0.0.0/0" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "External access to Kubernetes API endpoint" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + isStateless: false + source: "10.0.0.0/16" + protocol: "1" + sourceType: "CIDR_BLOCK" + description: "Path discovery" + icmpOptions: + code: 4 + type: 3 + - name: control-plane + role: control-plane + egressRules: + - egressRule: + isStateless: false + destination: "0.0.0.0/0" + protocol: "all" + destinationType: "CIDR_BLOCK" + description: "Control Plane access to Internet" + ingressRules: + - ingressRule: + isStateless: false + source: "10.0.0.8/29" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Kubernetes API endpoint to Control Plane(apiserver port)" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + isStateless: false + source: "10.0.0.0/29" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Control plane node to Control Plane(apiserver port) communication" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + isStateless: false + source: "10.0.64.0/20" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Worker Node to Control Plane(apiserver port) communication" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + isStateless: false + source: "10.0.0.0/29" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "etcd client communication" + tcpOptions: + destinationPortRange: + max: 2379 + min: 2379 + - ingressRule: + isStateless: false + source: "10.0.0.0/29" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "etcd peer" + tcpOptions: + destinationPortRange: + 
max: 2380 + min: 2380 + - ingressRule: + isStateless: false + source: "10.0.0.0/16" + protocol: "1" + sourceType: "CIDR_BLOCK" + description: "Path discovery" + icmpOptions: + code: 4 + type: 3 + - ingressRule: + isStateless: false + source: "0.0.0.0/0" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Inbound SSH traffic to Control Plane" + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + - ingressRule: + isStateless: false + source: "10.0.0.0/29" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Control Plane to Control Plane Kubelet Communication" + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + isStateless: false + source: "10.0.64.0/20" + protocol: "17" + sourceType: "CIDR_BLOCK" + description: "Calico VXLAN" + udpOptions: + destinationPortRange: + max: 4789 + min: 4789 + - ingressRule: + isStateless: false + source: "10.0.0.0/29" + protocol: "17" + sourceType: "CIDR_BLOCK" + description: "Calico VXLAN" + udpOptions: + destinationPortRange: + max: 4789 + min: 4789 + - name: worker + role: worker + egressRules: + - egressRule: + isStateless: false + destination: "0.0.0.0/0" + protocol: "all" + destinationType: "CIDR_BLOCK" + description: "Worker node access to Internet" + ingressRules: + - ingressRule: + isStateless: false + source: "0.0.0.0/0" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Inbound SSH traffic to worker node" + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + - ingressRule: + isStateless: false + source: "10.0.0.0/16" + protocol: "1" + sourceType: "CIDR_BLOCK" + description: "Path discovery" + icmpOptions: + code: 4 + type: 3 + - ingressRule: + isStateless: false + source: "10.0.0.0/29" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Control Plane to worker node Kubelet Communication" + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + isStateless: false + source: "10.0.64.0/20" + protocol: "6" + sourceType: "CIDR_BLOCK" + 
description: "Worker node to worker node Kubelet Communication" + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + isStateless: false + source: "10.0.64.0/20" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Worker node to default NodePort ingress communication" + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + - ingressRule: + isStateless: false + source: "10.0.64.0/20" + protocol: "17" + sourceType: "CIDR_BLOCK" + description: "Calico VXLAN" + udpOptions: + destinationPortRange: + max: 4789 + min: 4789 + - ingressRule: + isStateless: false + source: "10.0.0.0/29" + protocol: "17" + sourceType: "CIDR_BLOCK" + description: "Calico VXLAN" + udpOptions: + destinationPortRange: + max: 4789 + min: 4789 + - name: service-lb + role: service-lb + egressRules: + - egressRule: + isStateless: false + destination: "10.0.64.0/20" + protocol: "6" + destinationType: "CIDR_BLOCK" + description: "Service LoadBalancer to default NodePort egress communication" + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + ingressRules: + - ingressRule: + isStateless: false + source: "10.0.0.0/16" + protocol: "1" + sourceType: "CIDR_BLOCK" + description: "Path discovery" + icmpOptions: + code: 4 + type: 3 + - ingressRule: + isStateless: false + source: "0.0.0.0/0" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Accept http traffic on port 80" + tcpOptions: + destinationPortRange: + max: 80 + min: 80 + - ingressRule: + isStateless: false + source: "0.0.0.0/0" + protocol: "6" + sourceType: "CIDR_BLOCK" + description: "Accept http traffic on port 443" + tcpOptions: + destinationPortRange: + max: 443 + min: 443 subnets: - name: control-plane-endpoint role: control-plane-endpoint 
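Review bot: The last service-lb ingress rule on the new side is labelled `description: "Accept http traffic on port 443"` although it opens 443, which is the HTTPS listener; it should read `description: "Accept https traffic on port 443"` so the rendered security-list matches what an auditor expects to see. The "Path discovery" rules in this file use `icmpOptions: code: 4, type: 3` (fragmentation needed, the message PMTUD depends on), whereas the remote-vcn-peering template in this same commit uses `code: 3` for rules with the same description; the two templates should agree, and code 4 looks like the intended one — worth confirming against the provider's reference NSG rules.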
@@ -334,7 +335,7 @@ spec:
 machineTemplate:
 infrastructureRef:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 kubeadmConfigSpec:
@@ -363,7 +364,7 @@ spec:
 provider-id: oci://{{ ds["id"] }}
 ---
 kind: OCIMachineTemplate
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 metadata:
 name: "${CLUSTER_NAME}-control-plane"
 spec:
@@ -378,7 +379,7 @@ spec:
 ssh_authorized_keys: "${OCI_SSH_KEY}"
 isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-win"
@@ -438,5 +439,5 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md-win"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
\ No newline at end of file
diff --git a/templates/cluster-template.yaml b/templates/cluster-template.yaml
index 63c26e4f..c15a7952 100644
--- a/templates/cluster-template.yaml
+++ b/templates/cluster-template.yaml
@@ -15,7 +15,7 @@ spec:
 cidrBlocks:
 - ${SERVICE_CIDR:="10.128.0.0/12"}
 infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 name: "${CLUSTER_NAME}"
 namespace: "${NAMESPACE}"
@@ -25,7 +25,7 @@ spec:
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCICluster
 metadata:
 labels:
@@ -45,7 +45,7 @@ spec:
 machineTemplate:
 infrastructureRef:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: "${CLUSTER_NAME}-control-plane"
 namespace: "${NAMESPACE}"
 kubeadmConfigSpec:
@@ -72,7 +72,7 @@ spec:
 provider-id: oci://{{ ds["id"] }}
 ---
 kind: OCIMachineTemplate
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 metadata:
 name: "${CLUSTER_NAME}-control-plane"
 spec:
@@ -87,7 +87,7 @@ spec:
 ssh_authorized_keys: "${OCI_SSH_KEY}"
 isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-0"
@@ -136,5 +136,5 @@ spec:
 kind: KubeadmConfigTemplate
 infrastructureRef:
 name: "${CLUSTER_NAME}-md-0"
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
\ No newline at end of file
diff --git a/templates/clusterclass-example.yaml b/templates/clusterclass-example.yaml
index ca500375..02a9530e 100644
--- a/templates/clusterclass-example.yaml
+++ b/templates/clusterclass-example.yaml
@@ -11,11 +11,11 @@ spec:
 machineInfrastructure:
 ref:
 kind: OCIMachineTemplate
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 name: control-plane
 infrastructure:
 ref:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIClusterTemplate
 name: ocicluster
 workers:
@@ -29,7 +29,7 @@ spec:
 name: worker-bootstrap-template
 infrastructure:
 ref:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 name: worker-machine-template
 variables:
@@ -71,7 +71,7 @@ spec:
 - name: compartmentId
 definitions:
 - selector:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIClusterTemplate
 matchResources:
 infrastructureCluster: true
@@ -83,7 +83,7 @@ spec:
 - name: sshAuthorizedKeys
 definitions:
 - selector:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 matchResources:
 controlPlane: true
@@ -98,7 +98,7 @@ spec:
 - name: shape
 definitions:
 - selector:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 matchResources:
 controlPlane: true
@@ -113,7 +113,7 @@ spec:
 - name: imageId
 definitions:
 - selector:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 matchResources:
 controlPlane: true
@@ -128,7 +128,7 @@ spec:
 - name: isPvEncryptionInTransitEnabled
 definitions:
 - selector:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 matchResources:
 controlPlane: true
@@ -143,7 +143,7 @@ spec:
 - name: ocpus
 definitions:
 - selector:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 matchResources:
 controlPlane: true
@@ -156,7 +156,7 @@ spec:
 valueFrom:
 variable: ocpus
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIClusterTemplate
 metadata:
 name: ocicluster
@@ -193,7 +193,7 @@ spec:
 cloud-provider: external
 provider-id: oci://{{ ds["id"] }}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: control-plane
@@ -206,7 +206,7 @@ spec:
 shapeConfig: {}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: worker-machine-template
diff --git a/test/e2e/config/e2e_conf.yaml b/test/e2e/config/e2e_conf.yaml
index f3300655..8e0c8747 100644
--- a/test/e2e/config/e2e_conf.yaml
+++ b/test/e2e/config/e2e_conf.yaml
@@ -50,31 +50,31 @@ providers: versions: - name: v1.0.0 value: ../../../config/default - contract: v1beta1 + contract: v1beta2 files: - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-alternative-region.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-bare-metal.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-kcp-remediation.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-md-remediation.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-node-drain.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-antrea.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-oracle-linux.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-custom-networking-seclist.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-alternative-region.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-bare-metal.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-kcp-remediation.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-md-remediation.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-node-drain.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-antrea.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-oracle-linux.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-custom-networking-seclist.yaml" - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-custom-networking-nsg.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template.yaml" - - sourcePath: 
"../data/infrastructure-oci/v1beta1/cluster-template-cluster-class.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-cluster-class/clusterclass-test-cluster-class.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-local-vcn-peering.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-externally-managed-vcn.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-machine-pool.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-managed.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-cluster-identity.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/cluster-template-windows-calico.yaml" - - sourcePath: "../data/infrastructure-oci/v1beta1/metadata.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-cluster-class.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-cluster-class/clusterclass-test-cluster-class.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-local-vcn-peering.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-externally-managed-vcn.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-machine-pool.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-managed.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity.yaml" + - sourcePath: 
"../data/infrastructure-oci/v1beta2/cluster-template-cluster-identity.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/cluster-template-windows-calico.yaml" + - sourcePath: "../data/infrastructure-oci/v1beta2/metadata.yaml" variables: KUBERNETES_VERSION: "v1.25.6" diff --git a/test/e2e/data/infrastructure-oci/v1beta1/bases/ccm.yaml b/test/e2e/data/infrastructure-oci/bases/ccm.yaml similarity index 100% rename from test/e2e/data/infrastructure-oci/v1beta1/bases/ccm.yaml rename to test/e2e/data/infrastructure-oci/bases/ccm.yaml diff --git a/test/e2e/data/infrastructure-oci/v1beta1/bases/crs.yaml b/test/e2e/data/infrastructure-oci/bases/crs.yaml similarity index 100% rename from test/e2e/data/infrastructure-oci/v1beta1/bases/crs.yaml rename to test/e2e/data/infrastructure-oci/bases/crs.yaml diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-antrea/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-antrea/cluster.yaml deleted file mode 100644 index 843411a9..00000000 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-antrea/cluster.yaml +++ /dev/null 
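Review bot: In the new `files:` list `cluster-template.yaml` is listed twice (first entry and again right after `cluster-template-multiple-node-nsg.yaml`), and `cluster-template-custom-networking-nsg.yaml` is the only entry left on the `v1beta1` path, so the list now mixes API versions with nothing saying why. If the v1beta1 nsg template is kept on purpose to exercise the conversion path, a comment on that line such as `# intentionally left at v1beta1 to cover conversion of the custom-nsg template` would stop the next bump from "fixing" it; otherwise it should move to v1beta2 with the rest, and the duplicate `cluster-template.yaml` entry can be dropped. The `contract:` field in this config names the Cluster API contract the provider implements rather than the provider's own API group version; presumably `metadata.yaml` declares the same release-series contract, which is worth confirming since the framework matches the two.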
@@ -1,217 +0,0 @@ -apiVersion: cluster.x-k8s.io/v1beta1 -kind: Cluster -metadata: - labels: - cni: "antrea" - name: "${CLUSTER_NAME}" - namespace: default ---- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -kind: OCICluster -metadata: - name: "${CLUSTER_NAME}" -spec: - networkSpec: - vcn: - networkSecurityGroups: - - egressRules: - - egressRule: - description: Control Plane Nodes access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - ingressRules: - - ingressRule: - description: Kubernetes API endpoint to Kubernetes control plane node(apiserver - port) communication - isStateless: false - protocol: "6" - source: 10.0.0.8/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Control plane node to control plane node(apiserver port) - communication - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Worker Node to Kubernetes control plane node(apiserver port) - communication - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: etcd client communication - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2379 - min: 2379 - - ingressRule: - description: etcd peer - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2380 - min: 2380 - - ingressRule: - description: Antrea Service - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10349 - min: 10349 - - ingressRule: - description: Antrea Service - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: 
CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10349 - min: 10349 - - ingressRule: - description: Geneve Service - isStateless: false - protocol: "17" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - udpOptions: - destinationPortRange: - max: 6081 - min: 6081 - - ingressRule: - description: Geneve Service - isStateless: false - protocol: "17" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - udpOptions: - destinationPortRange: - max: 6081 - min: 6081 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.0.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Inbound SSH traffic to control plane nodes - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - name: control-plane - role: control-plane - - egressRules: - - egressRule: - description: Worker Nodes access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - ingressRules: - - ingressRule: - description: Inbound SSH traffic to worker nodes - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.0.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Control plane nodes to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Worker nodes to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Geneve Service - isStateless: false - protocol: 
"17" - source: 10.0.0.0/29 - sourceType: CIDR_BLOCK - udpOptions: - destinationPortRange: - max: 6081 - min: 6081 - - ingressRule: - description: Geneve Service - isStateless: false - protocol: "17" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - udpOptions: - destinationPortRange: - max: 6081 - min: 6081 - - ingressRule: - description: Worker node to default NodePort ingress communication - isStateless: false - protocol: "6" - source: 10.0.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - name: worker - role: worker \ No newline at end of file diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-nsg/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-nsg/kustomization.yaml index 4500575a..6c9ccdd8 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-nsg/kustomization.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-nsg/kustomization.yaml @@ -1,7 +1,7 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml -- ../bases/crs.yaml -- ../bases/ccm.yaml +- ../../bases/crs.yaml +- ../../bases/ccm.yaml patchesStrategicMerge: - ./cluster.yaml \ No newline at end of file diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-local-vcn-peering/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-local-vcn-peering/cluster.yaml deleted file mode 100644 index 3e326ced..00000000 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-local-vcn-peering/cluster.yaml +++ /dev/null 
@@ -1,312 +0,0 @@ ---- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -kind: OCICluster -metadata: - name: "${CLUSTER_NAME}" -spec: - networkSpec: - vcnPeering: - drg: - id: "${LOCAL_DRG_ID}" - peerRouteRules: - - vcnCIDRRange: "10.0.0.0/16" - vcn: - cidr: "10.1.0.0/16" - networkSecurityGroups: - - egressRules: - - egressRule: - description: Kubernetes API traffic to Control Plane - destination: 10.1.0.0/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - ingressRules: - - ingressRule: - description: External access to Kubernetes API endpoint - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - name: control-plane-endpoint - role: control-plane-endpoint - - egressRules: - - egressRule: - description: Control Plane access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - ingressRules: - - ingressRule: - description: Kubernetes API endpoint to Control Plane(apiserver port) - communication - isStateless: false - protocol: "6" - source: 10.1.0.8/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Control plane node to Control Plane(apiserver port) communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Worker Node to Control Plane(apiserver port) communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: etcd client communication - 
isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2379 - min: 2379 - - ingressRule: - description: etcd peer - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2380 - min: 2380 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Inbound SSH traffic to Control Plane - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - name: control-plane - role: control-plane - - egressRules: - - egressRule: - description: Worker node access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - id: C2F829 - ingressRules: - - ingressRule: - description: Inbound SSH traffic to worker node - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - 
source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Control Plane to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Worker node to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 11.0.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Worker node to default NodePort ingress communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - name: worker - role: worker - - egressRules: - - egressRule: - description: Service LoadBalancer to default NodePort egress communication - destination: 10.1.64.0/20 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - ingressRules: - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Accept http traffic on port 80 
- isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 80 - min: 80 - - ingressRule: - description: Accept https traffic on port 443 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 443 - min: 443 - name: service-lb - role: service-lb - subnets: - - cidr: 10.1.0.8/29 - name: control-plane-endpoint - role: control-plane-endpoint - type: private - - cidr: 10.1.0.0/29 - name: control-plane - role: control-plane - type: private - - cidr: 10.1.0.32/27 - name: service-lb - role: service-lb - type: public - - cidr: 10.1.64.0/20 - name: worker - role: worker - type: private \ No newline at end of file diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/cluster.yaml deleted file mode 100644 index 56f5e7c4..00000000 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/cluster.yaml +++ /dev/null 
@@ -1,136 +0,0 @@ ---- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -kind: OCICluster -metadata: - name: "${CLUSTER_NAME}" -spec: - networkSpec: - vcn: - name: ${CLUSTER_NAME}-test - networkSecurityGroups: - - name: ep-nsg - role: control-plane-endpoint - egressRules: - - egressRule: - isStateless: false - destination: "10.0.5.0/28" - protocol: "6" - destinationType: "CIDR_BLOCK" - description: "All traffic to control plane nodes" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - ingressRules: - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "External access to Kubernetes API endpoint" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - isStateless: false - source: "10.0.5.0/28" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "Control plane worker nodes to API Server endpoint" - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "SSH access" - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - name: cp-mc-nsg - role: control-plane - egressRules: - - egressRule: - isStateless: false - destination: "0.0.0.0/0" - protocol: "6" - destinationType: "CIDR_BLOCK" - description: "control plane machine access to internet" - ingressRules: - - ingressRule: - isStateless: false - source: "10.0.0.0/16" - protocol: "all" - sourceType: "CIDR_BLOCK" - description: "Allow inter vcn communication" - - ingressRule: - isStateless: false - source: "0.0.0.0/0" - protocol: "6" - sourceType: "CIDR_BLOCK" - description: "SSH access" - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - - name: worker-nsg-1 - role: worker - egressRules: - - egressRule: - isStateless: false - destination: "0.0.0.0/0" - protocol: "6" - destinationType: "CIDR_BLOCK" - description: "Worker Nodes access to Internet" - ingressRules: - - ingressRule: - isStateless: false - source: "10.0.0.0/16" - protocol: 
"all" - sourceType: "CIDR_BLOCK" - description: "Allow inter vcn communication" - - name: worker-nsg-2 - role: worker - egressRules: - - egressRule: - isStateless: false - destination: "0.0.0.0/0" - protocol: "6" - destinationType: "CIDR_BLOCK" - description: "Worker Nodes access to Internet" - ingressRules: - - ingressRule: - isStateless: false - source: "10.0.0.0/16" - protocol: "all" - sourceType: "CIDR_BLOCK" - description: "Allow inter vcn communication" - - name: service-lb-nsg - role: service-lb - ingressRules: - - ingressRule: - isStateless: false - source: "10.0.0.0/16" - protocol: "all" - sourceType: "CIDR_BLOCK" - description: "Allow ingress from vcn subnets" - subnets: - - name: ep-subnet - role: control-plane-endpoint - type: public - - name: cp-mc-subnet - role: control-plane - type: private - - name: worker-subnet-1 - role: worker - type: private - cidr: "10.0.10.0/24" - - name: worker-subnet-2 - role: worker - type: private - cidr: "10.0.30.0/24" - - name: svc-lb-subnet - role: service-lb - type: public - diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/cluster.yaml deleted file mode 100644 index 5a98be1d..00000000 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/cluster.yaml +++ /dev/null 
@@ -1,327 +0,0 @@ ---- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -kind: OCICluster -metadata: - name: "${CLUSTER_NAME}" -spec: - region: "${OCI_ALTERNATIVE_REGION}" - networkSpec: - vcnPeering: - drg: - manage: true - peerRouteRules: - - vcnCIDRRange: "10.0.0.0/16" - remotePeeringConnections: - - managePeerRPC: true - peerDRGId: "${PEER_DRG_ID}" - peerRegionName: "${PEER_REGION_NAME}" - vcn: - cidr: "10.1.0.0/16" - networkSecurityGroups: - - egressRules: - - egressRule: - description: Kubernetes API traffic to Control Plane - destination: 10.1.0.0/29 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - ingressRules: - - ingressRule: - description: External access to Kubernetes API endpoint - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - name: control-plane-endpoint - role: control-plane-endpoint - - egressRules: - - egressRule: - description: Control Plane access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - ingressRules: - - ingressRule: - description: Kubernetes API endpoint to Control Plane(apiserver port) - communication - isStateless: false - protocol: "6" - source: 10.1.0.8/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Control plane node to Control Plane(apiserver port) communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: Worker Node to Control Plane(apiserver port) communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - 
sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 6443 - min: 6443 - - ingressRule: - description: etcd client communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2379 - min: 2379 - - ingressRule: - description: etcd peer - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 2380 - min: 2380 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Inbound SSH traffic to Control Plane - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 22 - min: 22 - name: control-plane - role: control-plane - - egressRules: - - egressRule: - description: Worker node access to Internet - destination: 0.0.0.0/0 - destinationType: CIDR_BLOCK - isStateless: false - protocol: all - id: C2F829 - ingressRules: - - ingressRule: - description: Inbound SSH traffic to worker node - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - 
max: 22 - min: 22 - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Control Plane to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Worker node to worker node Kubelet Communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 10250 - min: 10250 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking (BGP) - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 179 - min: 179 - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 10.1.0.0/29 - sourceType: CIDR_BLOCK - - ingressRule: - description: Calico networking with IP-in-IP enabled - isStateless: false - protocol: "4" - source: 11.0.64.0/20 - sourceType: CIDR_BLOCK - - ingressRule: - description: Worker node to default NodePort ingress communication - isStateless: false - protocol: "6" - source: 10.1.64.0/20 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - name: worker - role: worker - - egressRules: - - egressRule: - description: Service LoadBalancer to default NodePort egress communication - destination: 10.1.64.0/20 - destinationType: CIDR_BLOCK - isStateless: false - protocol: "6" - tcpOptions: - destinationPortRange: - max: 32767 - min: 30000 - ingressRules: - - ingressRule: - description: Path discovery - icmpOptions: - code: 3 - type: 3 - 
isStateless: false - protocol: "1" - source: 10.1.0.0/16 - sourceType: CIDR_BLOCK - - ingressRule: - description: Accept http traffic on port 80 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 80 - min: 80 - - ingressRule: - description: Accept https traffic on port 443 - isStateless: false - protocol: "6" - source: 0.0.0.0/0 - sourceType: CIDR_BLOCK - tcpOptions: - destinationPortRange: - max: 443 - min: 443 - name: service-lb - role: service-lb - subnets: - - cidr: 10.1.0.8/29 - name: control-plane-endpoint - role: control-plane-endpoint - type: private - - cidr: 10.1.0.0/29 - name: control-plane - role: control-plane - type: private - - cidr: 10.1.0.32/27 - name: service-lb - role: service-lb - type: public - - cidr: 10.1.64.0/20 - name: worker - role: worker - type: private ---- ---- -kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -metadata: - name: "${CLUSTER_NAME}-control-plane" -spec: - template: - spec: - imageId: "${OCI_ALTERNATIVE_REGION_IMAGE_ID}" \ No newline at end of file diff --git a/test/e2e/data/infrastructure-oci/v1beta2/bases/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/bases/cluster.yaml new file mode 100644 index 00000000..1746fad4 --- /dev/null +++ b/test/e2e/data/infrastructure-oci/v1beta2/bases/cluster.yaml 
@@ -0,0 +1,88 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cluster.x-k8s.io/cluster-name: "${CLUSTER_NAME}" + cni: "calico" + name: "${CLUSTER_NAME}" + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - ${POD_CIDR:="192.168.0.0/16"} + serviceDomain: ${SERVICE_DOMAIN:="cluster.local"} + services: + cidrBlocks: + - ${SERVICE_CIDR:="10.128.0.0/12"} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: OCICluster + name: "${CLUSTER_NAME}" + namespace: "${NAMESPACE}" + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: "${CLUSTER_NAME}-control-plane" + namespace: "${NAMESPACE}" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: OCICluster +metadata: + labels: + cluster.x-k8s.io/cluster-name: "${CLUSTER_NAME}" + name: "${CLUSTER_NAME}" +spec: + compartmentId: "${OCI_COMPARTMENT_ID}" +--- +kind: KubeadmControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +metadata: + name: "${CLUSTER_NAME}-control-plane" + namespace: default +spec: + version: "${KUBERNETES_VERSION}" + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + machineTemplate: + infrastructureRef: + kind: OCIMachineTemplate + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + name: "${CLUSTER_NAME}-control-plane" + namespace: "${NAMESPACE}" + kubeadmConfigSpec: + clusterConfiguration: + kubernetesVersion: ${KUBERNETES_VERSION} + apiServer: + certSANs: [localhost, 127.0.0.1] + dns: {} + etcd: {} + networking: {} + scheduler: {} + initConfiguration: + nodeRegistration: + criSocket: /var/run/containerd/containerd.sock + kubeletExtraArgs: + cloud-provider: external + provider-id: oci://{{ ds["id"] }} + joinConfiguration: + discovery: {} + nodeRegistration: + criSocket: /var/run/containerd/containerd.sock + kubeletExtraArgs: + cloud-provider: external + provider-id: oci://{{ ds["id"] }} +--- +kind: OCIMachineTemplate +apiVersion: 
infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + template: + spec: + imageId: "${OCI_IMAGE_ID}" + compartmentId: "${OCI_COMPARTMENT_ID}" + shape: "${OCI_CONTROL_PLANE_MACHINE_TYPE}" + shapeConfig: + ocpus: "1" + metadata: + ssh_authorized_keys: "${OCI_SSH_KEY}" diff --git a/test/e2e/data/infrastructure-oci/v1beta2/bases/md.yaml b/test/e2e/data/infrastructure-oci/v1beta2/bases/md.yaml new file mode 100644 index 00000000..06e710b4 --- /dev/null +++ b/test/e2e/data/infrastructure-oci/v1beta2/bases/md.yaml @@ -0,0 +1,50 @@ +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: OCIMachineTemplate +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + template: + spec: + imageId: "${OCI_IMAGE_ID}" + compartmentId: "${OCI_COMPARTMENT_ID}" + shape: "${OCI_NODE_MACHINE_TYPE}" + shapeConfig: + ocpus: "1" + metadata: + ssh_authorized_keys: "${OCI_SSH_KEY}" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4 +kind: KubeadmConfigTemplate +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + provider-id: oci://{{ ds["id"] }} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + clusterName: "${CLUSTER_NAME}" + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: + template: + spec: + clusterName: "${CLUSTER_NAME}" + version: "${KUBERNETES_VERSION}" + bootstrap: + configRef: + name: "${CLUSTER_NAME}-md-0" + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + infrastructureRef: + name: "${CLUSTER_NAME}-md-0" + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: OCIMachineTemplate \ No newline at end of file 
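Review bot: The object references in this new base still point at the old API version while the objects themselves are declared as v1beta2: the Cluster's `infrastructureRef` names `infrastructure.cluster.x-k8s.io/v1beta1` for an OCICluster that is created as v1beta2, and the KubeadmControlPlane's `machineTemplate.infrastructureRef` does the same for the v1beta2 OCIMachineTemplate; the MachineDeployment `infrastructureRef` in the new bases/md.yaml has the same mismatch. These presumably still resolve through the served v1beta1 version, but then the e2e fixtures exercise the conversion path rather than v1beta2 directly, and it is inconsistent with cluster-template-cluster-identity/cluster.yaml, which bumps its `identityRef` to v1beta2 in this same commit. Suggest `apiVersion: infrastructure.cluster.x-k8s.io/v1beta2` on all three references so the fixture is uniformly v1beta2.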
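Review bot: The KubeadmConfigTemplate in the new md.yaml is declared as `bootstrap.cluster.x-k8s.io/v1alpha4`, while the MachineDeployment's `bootstrap.configRef` a few lines below refers to it as `bootstrap.cluster.x-k8s.io/v1beta1`; the object and its reference should agree. v1alpha4 is a deprecated Cluster API version, so the declaration is the line to change: `apiVersion: bootstrap.cluster.x-k8s.io/v1beta1`. As written the fixture only works while the management cluster still serves v1alpha4, which a later Cluster API upgrade may drop.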
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-alternative-region/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-alternative-region/cluster.yaml similarity index 75% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-alternative-region/cluster.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-alternative-region/cluster.yaml index c73417e9..9825f973 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-alternative-region/cluster.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-alternative-region/cluster.yaml @@ -1,4 +1,4 @@ -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: labels: @@ -8,7 +8,7 @@ spec: region: "${OCI_ALTERNATIVE_REGION}" --- kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}-control-plane" spec: diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-alternative-region/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-alternative-region/kustomization.yaml similarity index 68% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-alternative-region/kustomization.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-alternative-region/kustomization.yaml index e9e16ce0..2ce43326 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-alternative-region/kustomization.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-alternative-region/kustomization.yaml @@ -1,8 +1,8 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml - - ../bases/crs.yaml - - ../bases/ccm.yaml + - ../../bases/crs.yaml + - ../../bases/ccm.yaml patchesStrategicMerge: - ./cluster.yaml 
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/md.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-alternative-region/md.yaml similarity index 73% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/md.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-alternative-region/md.yaml index 58e932bb..546f401e 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/md.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-alternative-region/md.yaml @@ -1,4 +1,4 @@ -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate metadata: name: "${CLUSTER_NAME}-md-0" diff --git a/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-antrea/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-antrea/cluster.yaml new file mode 100644 index 00000000..626ee412 --- /dev/null +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-antrea/cluster.yaml 
@@ -0,0 +1,218 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni: "antrea" + name: "${CLUSTER_NAME}" + namespace: default +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: OCICluster +metadata: + name: "${CLUSTER_NAME}" +spec: + networkSpec: + vcn: + networkSecurityGroup: + list: + - egressRules: + - egressRule: + description: Control Plane Nodes access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + ingressRules: + - ingressRule: + description: Kubernetes API endpoint to Kubernetes control plane node(apiserver + port) communication + isStateless: false + protocol: "6" + source: 10.0.0.8/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Control plane node to control plane node(apiserver port) + communication + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Worker Node to Kubernetes control plane node(apiserver port) + communication + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: etcd client communication + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 2379 + min: 2379 + - ingressRule: + description: etcd peer + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 2380 + min: 2380 + - ingressRule: + description: Antrea Service + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10349 + min: 10349 + - ingressRule: + description: Antrea Service + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + 
sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10349 + min: 10349 + - ingressRule: + description: Geneve Service + isStateless: false + protocol: "17" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + udpOptions: + destinationPortRange: + max: 6081 + min: 6081 + - ingressRule: + description: Geneve Service + isStateless: false + protocol: "17" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + udpOptions: + destinationPortRange: + max: 6081 + min: 6081 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.0.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Inbound SSH traffic to control plane nodes + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + name: control-plane + role: control-plane + - egressRules: + - egressRule: + description: Worker Nodes access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + ingressRules: + - ingressRule: + description: Inbound SSH traffic to worker nodes + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.0.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Control plane nodes to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Worker nodes to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Geneve Service + isStateless: false 
+ protocol: "17" + source: 10.0.0.0/29 + sourceType: CIDR_BLOCK + udpOptions: + destinationPortRange: + max: 6081 + min: 6081 + - ingressRule: + description: Geneve Service + isStateless: false + protocol: "17" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + udpOptions: + destinationPortRange: + max: 6081 + min: 6081 + - ingressRule: + description: Worker node to default NodePort ingress communication + isStateless: false + protocol: "6" + source: 10.0.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + name: worker + role: worker \ No newline at end of file diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-antrea/crs.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-antrea/crs.yaml similarity index 100% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-antrea/crs.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-antrea/crs.yaml diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-antrea/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-antrea/kustomization.yaml similarity index 81% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-antrea/kustomization.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-antrea/kustomization.yaml index 6a79083f..2ae86e76 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-antrea/kustomization.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-antrea/kustomization.yaml @@ -2,7 +2,7 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml - crs.yaml - - ../bases/ccm.yaml + - ../../bases/ccm.yaml patchesStrategicMerge: - ./cluster.yaml 
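Review bot: Both network security groups in this new fixture admit SSH from the whole internet: the control-plane rule `Inbound SSH traffic to control plane nodes` and the worker rule `Inbound SSH traffic to worker nodes` both use `source: 0.0.0.0/0` on TCP 22, while every other ingress rule in the file is scoped to a VCN range. Even for an e2e fixture, control-plane nodes with world-reachable SSH (and the `ssh_authorized_keys` the base template injects) are a wider exposure than the test path appears to need. Suggest scoping both rules to the VCN CIDR already used by the path-discovery rules, `source: 10.0.0.0/16`, or to a variable holding an operator-controlled bastion range, and adjusting `description` to match. The same 0.0.0.0/0 SSH rules appear in the new local-vcn-peering fixture (`Inbound SSH traffic to Control Plane` / `Inbound SSH traffic to worker node`), whose hunk continues past this chunk.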
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-bare-metal/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-bare-metal/cluster.yaml similarity index 82% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-bare-metal/cluster.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-bare-metal/cluster.yaml index 323eff41..1fe578a9 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-bare-metal/cluster.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-bare-metal/cluster.yaml @@ -1,5 +1,5 @@ kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}-control-plane" spec: diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-bare-metal/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-bare-metal/kustomization.yaml similarity index 68% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-bare-metal/kustomization.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-bare-metal/kustomization.yaml index 98d74436..4d4823b7 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-bare-metal/kustomization.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-bare-metal/kustomization.yaml @@ -1,8 +1,8 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml - - ../bases/crs.yaml - - ../bases/ccm.yaml + - ../../bases/crs.yaml + - ../../bases/ccm.yaml patchesStrategicMerge: - ./cluster.yaml 
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-bare-metal/md.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-bare-metal/md.yaml similarity index 81% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-bare-metal/md.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-bare-metal/md.yaml index 2d99f19c..8cc6e9e6 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-bare-metal/md.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-bare-metal/md.yaml @@ -1,4 +1,4 @@ -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate metadata: name: "${CLUSTER_NAME}-md-0" diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-class/cluster-template.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-class/cluster-template.yaml similarity index 100% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-class/cluster-template.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-class/cluster-template.yaml diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-class/clusterclass-test-cluster-class.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-class/clusterclass-test-cluster-class.yaml similarity index 88% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-class/clusterclass-test-cluster-class.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-class/clusterclass-test-cluster-class.yaml index 6a419b26..90a38a55 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-class/clusterclass-test-cluster-class.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-class/clusterclass-test-cluster-class.yaml 
@@ -11,11 +11,11 @@ spec: machineInfrastructure: ref: kind: OCIMachineTemplate - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 name: control-plane infrastructure: ref: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIClusterTemplate name: ocicluster workers: @@ -29,7 +29,7 @@ spec: name: worker-bootstrap-template infrastructure: ref: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate name: worker-machine-template variables: @@ -71,7 +71,7 @@ spec: - name: compartmentId definitions: - selector: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIClusterTemplate matchResources: infrastructureCluster: true @@ -83,7 +83,7 @@ spec: - name: sshAuthorizedKeys definitions: - selector: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate matchResources: controlPlane: true @@ -98,7 +98,7 @@ spec: - name: shape definitions: - selector: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate matchResources: controlPlane: true @@ -113,7 +113,7 @@ spec: - name: imageId definitions: - selector: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate matchResources: controlPlane: true @@ -128,7 +128,7 @@ spec: - name: isPvEncryptionInTransitEnabled definitions: - selector: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate matchResources: controlPlane: true 
@@ -143,7 +143,7 @@ spec: - name: ocpus definitions: - selector: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate matchResources: controlPlane: true @@ -156,7 +156,7 @@ spec: valueFrom: variable: ocpus --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIClusterTemplate metadata: name: ocicluster @@ -193,7 +193,7 @@ spec: cloud-provider: external provider-id: oci://{{ ds["id"] }} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate metadata: name: control-plane @@ -205,7 +205,7 @@ spec: metadata: {} shapeConfig: {} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate metadata: name: worker-machine-template diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-class/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-class/kustomization.yaml similarity index 100% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-class/kustomization.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-class/kustomization.yaml diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-identity/cluster-identity.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-identity/cluster-identity.yaml similarity index 90% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-identity/cluster-identity.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-identity/cluster-identity.yaml index 3b76b1e6..a6c1f0c9 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-identity/cluster-identity.yaml 
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-identity/cluster-identity.yaml @@ -1,4 +1,4 @@ -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIClusterIdentity metadata: name: cluster-identity-user-principal diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-identity/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-identity/cluster.yaml similarity index 62% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-identity/cluster.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-identity/cluster.yaml index f515abc9..a5c0e432 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-identity/cluster.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-identity/cluster.yaml @@ -1,11 +1,11 @@ --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: name: "${CLUSTER_NAME}" spec: identityRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIClusterIdentity name: cluster-identity-user-principal namespace: "${NAMESPACE}" diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-identity/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-identity/kustomization.yaml similarity index 71% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-identity/kustomization.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-identity/kustomization.yaml index 878b30f4..1da938c5 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-cluster-identity/kustomization.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-cluster-identity/kustomization.yaml 
@@ -1,8 +1,8 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml - - ../bases/crs.yaml - - ../bases/ccm.yaml + - ../../bases/crs.yaml + - ../../bases/ccm.yaml - ./cluster-identity.yaml patchesStrategicMerge: diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-seclist/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-custom-networking-seclist/cluster.yaml similarity index 98% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-seclist/cluster.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-custom-networking-seclist/cluster.yaml index 520d768c..42ae1782 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-seclist/cluster.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-custom-networking-seclist/cluster.yaml @@ -1,5 +1,5 @@ --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: name: "${CLUSTER_NAME}" diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-seclist/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-custom-networking-seclist/kustomization.yaml similarity index 66% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-seclist/kustomization.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-custom-networking-seclist/kustomization.yaml index 4500575a..6c9ccdd8 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-custom-networking-seclist/kustomization.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-custom-networking-seclist/kustomization.yaml 
@@ -1,7 +1,7 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml -- ../bases/crs.yaml -- ../bases/ccm.yaml +- ../../bases/crs.yaml +- ../../bases/ccm.yaml patchesStrategicMerge: - ./cluster.yaml \ No newline at end of file diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-externally-managed-vcn/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-externally-managed-vcn/cluster.yaml similarity index 53% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-externally-managed-vcn/cluster.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-externally-managed-vcn/cluster.yaml index aa2e3842..a9166614 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-externally-managed-vcn/cluster.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-externally-managed-vcn/cluster.yaml @@ -1,5 +1,5 @@ --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCICluster metadata: name: "${CLUSTER_NAME}" @@ -8,16 +8,17 @@ spec: skipNetworkManagement: true vcn: id: "${EXTERNAL_VCN_ID}" - networkSecurityGroups: - - id: "${EXTERNAL_VCN_CPE_NSG}" - role: control-plane-endpoint - name: control-plane-endpoint - - id: "${EXTERNAL_VCN_WORKER_NSG}" - role: worker - name: worker - - id: "${EXTERNAL_VCN_CP_NSG}" - role: control-plane - name: control-plane + networkSecurityGroup: + list: + - id: "${EXTERNAL_VCN_CPE_NSG}" + role: control-plane-endpoint + name: control-plane-endpoint + - id: "${EXTERNAL_VCN_WORKER_NSG}" + role: worker + name: worker + - id: "${EXTERNAL_VCN_CP_NSG}" + role: control-plane + name: control-plane subnets: - id: "${EXTERNAL_VCN_CPE_SUBNET}" role: control-plane-endpoint 
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-local-vcn-peering/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-externally-managed-vcn/kustomization.yaml similarity index 79% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-local-vcn-peering/kustomization.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-externally-managed-vcn/kustomization.yaml index fe762a59..821fe11f 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-local-vcn-peering/kustomization.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-externally-managed-vcn/kustomization.yaml @@ -1,7 +1,7 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml - - ../bases/ccm.yaml + - ../../bases/ccm.yaml patchesStrategicMerge: - ./cluster.yaml diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-kcp-remediation/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-kcp-remediation/kustomization.yaml similarity index 57% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-kcp-remediation/kustomization.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-kcp-remediation/kustomization.yaml index 8ae3f8a2..d45a7054 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-kcp-remediation/kustomization.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-kcp-remediation/kustomization.yaml @@ -2,5 +2,5 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml - mhc.yaml - - ../bases/crs.yaml - - ../bases/ccm.yaml + - ../../bases/crs.yaml + - ../../bases/ccm.yaml 
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-kcp-remediation/mhc.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-kcp-remediation/mhc.yaml similarity index 100% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-kcp-remediation/mhc.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-kcp-remediation/mhc.yaml diff --git a/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-local-vcn-peering/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-local-vcn-peering/cluster.yaml new file mode 100644 index 00000000..c01982e2 --- /dev/null +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-local-vcn-peering/cluster.yaml 
@@ -0,0 +1,312 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: OCICluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ networkSpec:
+ vcnPeering:
+ drg:
+ id: "${LOCAL_DRG_ID}"
+ peerRouteRules:
+ - vcnCIDRRange: "10.0.0.0/16"
+ vcn:
+ cidr: "10.1.0.0/16"
+ networkSecurityGroup:
+ list:
+ - egressRules:
+ - egressRule:
+ description: Kubernetes API traffic to Control Plane
+ destination: 10.1.0.0/29
+ destinationType: CIDR_BLOCK
+ isStateless: false
+ protocol: "6"
+ tcpOptions:
+ destinationPortRange:
+ max: 6443
+ min: 6443
+ ingressRules:
+ - ingressRule:
+ description: External access to Kubernetes API endpoint
+ isStateless: false
+ protocol: "6"
+ source: 0.0.0.0/0
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 6443
+ min: 6443
+ - ingressRule:
+ description: Path discovery
+ icmpOptions:
+ code: 3
+ type: 3
+ isStateless: false
+ protocol: "1"
+ source: 10.1.0.0/16
+ sourceType: CIDR_BLOCK
+ name: control-plane-endpoint
+ role: control-plane-endpoint
+ - egressRules:
+ - egressRule:
+ description: Control Plane access to Internet
+ destination: 0.0.0.0/0
+ destinationType: CIDR_BLOCK
+ isStateless: false
+ protocol: all
+ ingressRules:
+ - ingressRule:
+ description: Kubernetes API endpoint to Control Plane(apiserver port)
+ communication
+ isStateless: false
+ protocol: "6"
+ source: 10.1.0.8/29
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 6443
+ min: 6443
+ - ingressRule:
+ description: Control plane node to Control Plane(apiserver port) communication
+ isStateless: false
+ protocol: "6"
+ source: 10.1.0.0/29
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 6443
+ min: 6443
+ - ingressRule:
+ description: Worker Node to Control Plane(apiserver port) communication
+ isStateless: false
+ protocol: "6"
+ source: 10.1.64.0/20
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 6443
+ min: 6443
+ - ingressRule:
+ description: etcd client communication
+
isStateless: false
+ protocol: "6"
+ source: 10.1.0.0/29
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 2379
+ min: 2379
+ - ingressRule:
+ description: etcd peer
+ isStateless: false
+ protocol: "6"
+ source: 10.1.0.0/29
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 2380
+ min: 2380
+ - ingressRule:
+ description: Calico networking (BGP)
+ isStateless: false
+ protocol: "6"
+ source: 10.1.0.0/29
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 179
+ min: 179
+ - ingressRule:
+ description: Calico networking (BGP)
+ isStateless: false
+ protocol: "6"
+ source: 10.1.64.0/20
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 179
+ min: 179
+ - ingressRule:
+ description: Calico networking with IP-in-IP enabled
+ isStateless: false
+ protocol: "4"
+ source: 10.1.0.0/29
+ sourceType: CIDR_BLOCK
+ - ingressRule:
+ description: Calico networking with IP-in-IP enabled
+ isStateless: false
+ protocol: "4"
+ source: 10.1.64.0/20
+ sourceType: CIDR_BLOCK
+ - ingressRule:
+ description: Path discovery
+ icmpOptions:
+ code: 3
+ type: 3
+ isStateless: false
+ protocol: "1"
+ source: 10.1.0.0/16
+ sourceType: CIDR_BLOCK
+ - ingressRule:
+ description: Inbound SSH traffic to Control Plane
+ isStateless: false
+ protocol: "6"
+ source: 0.0.0.0/0
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 22
+ min: 22
+ name: control-plane
+ role: control-plane
+ - egressRules:
+ - egressRule:
+ description: Worker node access to Internet
+ destination: 0.0.0.0/0
+ destinationType: CIDR_BLOCK
+ isStateless: false
+ protocol: all
+ ingressRules:
+ - ingressRule:
+ description: Inbound SSH traffic to worker node
+ isStateless: false
+ protocol: "6"
+ source: 0.0.0.0/0
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 22
+ min: 22
+ - ingressRule:
+ description: Path discovery
+ icmpOptions:
+ code: 3
+ type: 3
+ isStateless: false
+ protocol: "1"
+ source: 10.1.0.0/16
+ sourceType: CIDR_BLOCK
+ - ingressRule:
+ description: Control Plane to worker node Kubelet Communication
+ isStateless: false
+ protocol: "6"
+ source: 10.1.0.0/29
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 10250
+ min: 10250
+ - ingressRule:
+ description: Worker node to worker node Kubelet Communication
+ isStateless: false
+ protocol: "6"
+ source: 10.1.64.0/20
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 10250
+ min: 10250
+ - ingressRule:
+ description: Calico networking (BGP)
+ isStateless: false
+ protocol: "6"
+ source: 10.1.0.0/29
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 179
+ min: 179
+ - ingressRule:
+ description: Calico networking (BGP)
+ isStateless: false
+ protocol: "6"
+ source: 10.1.64.0/20
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 179
+ min: 179
+ - ingressRule:
+ description: Calico networking with IP-in-IP enabled
+ isStateless: false
+ protocol: "4"
+ source: 10.1.0.0/29
+ sourceType: CIDR_BLOCK
+ - ingressRule:
+ description: Calico networking with IP-in-IP enabled
+ isStateless: false
+ protocol: "4"
+ source: 11.0.64.0/20
+ sourceType: CIDR_BLOCK
+ - ingressRule:
+ description: Worker node to default NodePort ingress communication
+ isStateless: false
+ protocol: "6"
+ source: 10.1.64.0/20
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 32767
+ min: 30000
+ name: worker
+ role: worker
+ - egressRules:
+ - egressRule:
+ description: Service LoadBalancer to default NodePort egress communication
+ destination: 10.1.64.0/20
+ destinationType: CIDR_BLOCK
+ isStateless: false
+ protocol: "6"
+ tcpOptions:
+ destinationPortRange:
+ max: 32767
+ min: 30000
+ ingressRules:
+ - ingressRule:
+ description: Path discovery
+ icmpOptions:
+ code: 3
+ type: 3
+ isStateless: false
+ protocol: "1"
+ source: 10.1.0.0/16
+ sourceType: CIDR_BLOCK
+ - ingressRule:
+ description: Accept http traffic on port 80
+ isStateless: false
+ protocol: "6"
+ source: 0.0.0.0/0
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 80
+ min: 80
+ - ingressRule:
+ description: Accept https traffic on port 443
+ isStateless: false
+ protocol: "6"
+ source: 0.0.0.0/0
+ sourceType: CIDR_BLOCK
+ tcpOptions:
+ destinationPortRange:
+ max: 443
+ min: 443
+ name: service-lb
+ role: service-lb
+ subnets:
+ - cidr: 10.1.0.8/29
+ name: control-plane-endpoint
+ role: control-plane-endpoint
+ type: private
+ - cidr: 10.1.0.0/29
+ name: control-plane
+ role: control-plane
+ type: private
+ - cidr: 10.1.0.32/27
+ name: service-lb
+ role: service-lb
+ type: public
+ - cidr: 10.1.64.0/20
+ name: worker
+ role: worker
+ type: private
\ No newline at end of file
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-externally-managed-vcn/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-local-vcn-peering/kustomization.yaml
similarity index 79%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-externally-managed-vcn/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-local-vcn-peering/kustomization.yaml
index fe762a59..821fe11f 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-externally-managed-vcn/kustomization.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-local-vcn-peering/kustomization.yaml
@@ -1,7 +1,7 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml - - ../bases/ccm.yaml + - ../../bases/ccm.yaml patchesStrategicMerge: - ./cluster.yaml
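Review bot: The worker NSG's second "Calico networking with IP-in-IP enabled" ingress rule in this new file uses `source: 11.0.64.0/20`, a prefix that lies outside the 10.1.0.0/16 VCN declared above it, while every sibling rule for the worker subnet uses 10.1.64.0/20; this reads as a typo that both leaves worker-to-worker IP-in-IP traffic unpermitted and allow-lists an unrelated range. The line should be `source: 10.1.64.0/20`, matching the equivalent control-plane rule earlier in the same NSG list. Separately, the control-plane and worker NSGs accept SSH from `0.0.0.0/0` on port 22; the subnets are declared `type: private`, so reachability is limited to what the DRG peering routes in, but since these e2e fixtures tend to be copied as reference templates a narrower source CIDR would be the safer default.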
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-machine-pool/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-machine-pool/kustomization.yaml
similarity index 70%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-machine-pool/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-machine-pool/kustomization.yaml
index dd9c0833..1d4e4d8b 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-machine-pool/kustomization.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-machine-pool/kustomization.yaml
@@ -1,6 +1,6 @@ bases: - ../bases/cluster.yaml - ./machine-pool.yaml - - ../bases/ccm.yaml + - ../../bases/ccm.yaml
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-machine-pool/machine-pool.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-machine-pool/machine-pool.yaml
similarity index 91%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-machine-pool/machine-pool.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-machine-pool/machine-pool.yaml
index f8ee33a1..fbede221 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-machine-pool/machine-pool.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-machine-pool/machine-pool.yaml
@@ -16,12 +16,12 @@ spec: name: "${CLUSTER_NAME}-mp-0" clusterName: "${CLUSTER_NAME}" infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachinePool name: "${CLUSTER_NAME}-mp-0" version: "${KUBERNETES_VERSION}" --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachinePool metadata: name: "${CLUSTER_NAME}-mp-0"
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/cluster-identity.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/cluster-identity.yaml
similarity index 89%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/cluster-identity.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/cluster-identity.yaml
index c6dce9e5..18d759f3 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/cluster-identity.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/cluster-identity.yaml
@@ -1,4 +1,4 @@ -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIClusterIdentity metadata: name: cluster-identity-user-principal
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/cluster.yaml
similarity index 75%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/cluster.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/cluster.yaml
index 128925e6..cb1e5cc6 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/cluster.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/cluster.yaml
@@ -7,17 +7,17 @@ metadata: namespace: "${NAMESPACE}" spec: infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedCluster name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" controlPlaneRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedControlPlane name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedCluster metadata: labels:
@@ -26,13 +26,13 @@ metadata: spec: compartmentId: "${OCI_COMPARTMENT_ID}" identityRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIClusterIdentity name: cluster-identity-user-principal namespace: "${NAMESPACE}" --- kind: OCIManagedControlPlane -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}"
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/kustomization.yaml
similarity index 100%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/kustomization.yaml
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/machine-pool.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/machine-pool.yaml
similarity index 92%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/machine-pool.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/machine-pool.yaml
index 21d7b23b..7a8fefa6 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed-cluster-identity/machine-pool.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed-cluster-identity/machine-pool.yaml
@@ -13,12 +13,12 @@ spec: bootstrap: dataSecretName: "" infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedMachinePool name: ${CLUSTER_NAME}-mp-0 version: ${KUBERNETES_VERSION} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedMachinePool metadata: name: ${CLUSTER_NAME}-mp-0
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed/cluster.yaml
similarity index 77%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed/cluster.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed/cluster.yaml
index 8588eadb..c5370726 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed/cluster.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed/cluster.yaml
@@ -7,17 +7,17 @@ metadata: namespace: "${NAMESPACE}" spec: infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedCluster name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" controlPlaneRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedControlPlane name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}" --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedCluster metadata: labels:
@@ -27,7 +27,7 @@ spec: compartmentId: "${OCI_COMPARTMENT_ID}" --- kind: OCIManagedControlPlane -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}" namespace: "${NAMESPACE}"
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed/kustomization.yaml
similarity index 100%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed/kustomization.yaml
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed/machine-pool.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed/machine-pool.yaml
similarity index 92%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed/machine-pool.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed/machine-pool.yaml
index 898e28a2..8542abde 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-managed/machine-pool.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-managed/machine-pool.yaml
@@ -13,12 +13,12 @@ spec: bootstrap: dataSecretName: "" infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedMachinePool name: ${CLUSTER_NAME}-mp-0 version: ${KUBERNETES_VERSION} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedMachinePool metadata: name: ${CLUSTER_NAME}-mp-0
@@ -51,12 +51,12 @@ spec: bootstrap: dataSecretName: "" infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedMachinePool name: ${CLUSTER_NAME}-mp-1 version: ${KUBERNETES_VERSION} --- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIManagedMachinePool metadata: name: ${CLUSTER_NAME}-mp-1
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-md-remediation/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-md-remediation/kustomization.yaml
similarity index 67%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-md-remediation/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-md-remediation/kustomization.yaml
index 97430b6d..e651f6c4 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-md-remediation/kustomization.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-md-remediation/kustomization.yaml
@@ -2,7 +2,7 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml - mhc.yaml - - ../bases/crs.yaml - - ../bases/ccm.yaml + - ../../bases/crs.yaml + - ../../bases/ccm.yaml patchesStrategicMerge: - ./md.yaml
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-md-remediation/md.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-md-remediation/md.yaml
similarity index 100%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-md-remediation/md.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-md-remediation/md.yaml
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-md-remediation/mhc.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-md-remediation/mhc.yaml
similarity index 100%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-md-remediation/mhc.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-md-remediation/mhc.yaml
diff --git a/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/cluster.yaml
new file mode 100644
index 00000000..3c9f6ceb
--- /dev/null
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/cluster.yaml
@@ -0,0 +1,137 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: OCICluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ networkSpec:
+ vcn:
+ name: ${CLUSTER_NAME}-test
+ networkSecurityGroup:
+ list:
+ - name: ep-nsg
+ role: control-plane-endpoint
+ egressRules:
+ - egressRule:
+ isStateless: false
+ destination: "10.0.5.0/28"
+ protocol: "6"
+ destinationType: "CIDR_BLOCK"
+ description: "All traffic to control plane nodes"
+ tcpOptions:
+ destinationPortRange:
+ max: 6443
+ min: 6443
+ ingressRules:
+ - ingressRule:
+ isStateless: false
+ source: "0.0.0.0/0"
+ protocol: "6"
+ sourceType: "CIDR_BLOCK"
+ description: "External access to Kubernetes API endpoint"
+ tcpOptions:
+ destinationPortRange:
+ max: 6443
+ min: 6443
+ - ingressRule:
+ isStateless: false
+ source: "10.0.5.0/28"
+ protocol: "6"
+ sourceType: "CIDR_BLOCK"
+ description: "Control plane worker nodes to API Server endpoint"
+ - ingressRule:
+ isStateless: false
+ source: "0.0.0.0/0"
+ protocol: "6"
+ sourceType: "CIDR_BLOCK"
+ description: "SSH access"
+ tcpOptions:
+ destinationPortRange:
+ max: 22
+ min: 22
+ - name: cp-mc-nsg
+ role: control-plane
+ egressRules:
+ - egressRule:
+ isStateless: false
+ destination: "0.0.0.0/0"
+ protocol: "6"
+ destinationType: "CIDR_BLOCK"
+ description: "control plane machine access to internet"
+ ingressRules:
+ - ingressRule:
+ isStateless: false
+ source: "10.0.0.0/16"
+ protocol: "all"
+ sourceType: "CIDR_BLOCK"
+ description: "Allow inter vcn communication"
+ - ingressRule:
+ isStateless: false
+ source: "0.0.0.0/0"
+ protocol: "6"
+ sourceType: "CIDR_BLOCK"
+ description: "SSH access"
+ tcpOptions:
+ destinationPortRange:
+ max: 22
+ min: 22
+ - name: worker-nsg-1
+ role: worker
+ egressRules:
+ - egressRule:
+ isStateless: false
+ destination: "0.0.0.0/0"
+ protocol: "6"
+ destinationType: "CIDR_BLOCK"
+ description: "Worker Nodes access to Internet"
+ ingressRules:
+ - ingressRule:
+ isStateless: false
+ source: "10.0.0.0/16"
+
protocol: "all"
+ sourceType: "CIDR_BLOCK"
+ description: "Allow inter vcn communication"
+ - name: worker-nsg-2
+ role: worker
+ egressRules:
+ - egressRule:
+ isStateless: false
+ destination: "0.0.0.0/0"
+ protocol: "6"
+ destinationType: "CIDR_BLOCK"
+ description: "Worker Nodes access to Internet"
+ ingressRules:
+ - ingressRule:
+ isStateless: false
+ source: "10.0.0.0/16"
+ protocol: "all"
+ sourceType: "CIDR_BLOCK"
+ description: "Allow inter vcn communication"
+ - name: service-lb-nsg
+ role: service-lb
+ ingressRules:
+ - ingressRule:
+ isStateless: false
+ source: "10.0.0.0/16"
+ protocol: "all"
+ sourceType: "CIDR_BLOCK"
+ description: "Allow ingress from vcn subnets"
+ subnets:
+ - name: ep-subnet
+ role: control-plane-endpoint
+ type: public
+ - name: cp-mc-subnet
+ role: control-plane
+ type: private
+ - name: worker-subnet-1
+ role: worker
+ type: private
+ cidr: "10.0.10.0/24"
+ - name: worker-subnet-2
+ role: worker
+ type: private
+ cidr: "10.0.30.0/24"
+ - name: svc-lb-subnet
+ role: service-lb
+ type: public
+
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/kustomization.yaml
similarity index 69%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/kustomization.yaml
index 10cf114f..e2cce9a3 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/kustomization.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/kustomization.yaml
@@ -1,8 +1,8 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml -- ../bases/crs.yaml -- ../bases/ccm.yaml +- ../../bases/crs.yaml +- ../../bases/ccm.yaml - ./md.yaml patchesStrategicMerge: - ./cluster.yaml
\ No newline at end of file
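Review bot: The `ep-nsg` ingress rule described as "Control plane worker nodes to API Server endpoint" (source `"10.0.5.0/28"`, protocol `"6"`) carries no `tcpOptions`, so unlike the two rules around it it admits every TCP port from that subnet to the endpoint rather than only 6443; giving it the same `tcpOptions.destinationPortRange` block with `min`/`max` 6443 as its neighbours would make the rule match its description. The same NSG, which is attached to the public `ep-subnet`, also has an "SSH access" rule from `"0.0.0.0/0"` on port 22 that presumably serves no purpose on a load-balancer endpoint and could be dropped. The rule's 10.0.5.0/28 source is meant to be the control-plane subnet, yet `cp-mc-subnet` declares no `cidr`, so the rule silently depends on the provider's default subnet CIDR; stating the `cidr` explicitly, as `worker-subnet-1` and `worker-subnet-2` do, would keep the NSG and subnet definitions in the same file from drifting apart.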
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/md.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/md.yaml
similarity index 87%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/md.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/md.yaml
index 4ffa15bd..503398b0 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-multiple-node-nsg/md.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-multiple-node-nsg/md.yaml
@@ -1,4 +1,4 @@ -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate metadata: name: "${CLUSTER_NAME}-md-1"
@@ -9,7 +9,9 @@ spec: compartmentId: "${OCI_COMPARTMENT_ID}" shape: "${OCI_NODE_MACHINE_TYPE}" subnetName: "worker-subnet-2" - nsgName: "worker-nsg-2" + networkDetails: + nsgNames: + - "worker-nsg-2" shapeConfig: ocpus: "1" metadata:
@@ -48,5 +50,5 @@ spec: kind: KubeadmConfigTemplate infrastructureRef: name: "${CLUSTER_NAME}-md-1" - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate
\ No newline at end of file
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-node-drain/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-node-drain/cluster.yaml
similarity index 100%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-node-drain/cluster.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-node-drain/cluster.yaml
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-node-drain/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-node-drain/kustomization.yaml
similarity index 68%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-node-drain/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-node-drain/kustomization.yaml
index 3f9240cb..61cf6e06 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-node-drain/kustomization.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-node-drain/kustomization.yaml
@@ -1,8 +1,8 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml -- ../bases/crs.yaml -- ../bases/ccm.yaml +- ../../bases/crs.yaml +- ../../bases/ccm.yaml patchesStrategicMerge: - ./md.yaml - ./cluster.yaml
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-node-drain/md.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-node-drain/md.yaml
similarity index 100%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-node-drain/md.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-node-drain/md.yaml
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-oracle-linux/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-oracle-linux/cluster.yaml
similarity index 88%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-oracle-linux/cluster.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-oracle-linux/cluster.yaml
index 25edb150..018404b1 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-oracle-linux/cluster.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-oracle-linux/cluster.yaml
@@ -1,5 +1,5 @@ kind: OCIMachineTemplate -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 metadata: name: "${CLUSTER_NAME}-control-plane" spec:
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-oracle-linux/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-oracle-linux/kustomization.yaml
similarity index 69%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-oracle-linux/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-oracle-linux/kustomization.yaml
index 58e9bb0f..5997e759 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-oracle-linux/kustomization.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-oracle-linux/kustomization.yaml
@@ -1,8 +1,8 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml -- ../bases/crs.yaml -- ../bases/ccm.yaml +- ../../bases/crs.yaml +- ../../bases/ccm.yaml patchesStrategicMerge: - ./cluster.yaml - ./md.yaml
\ No newline at end of file
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-oracle-linux/md.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-oracle-linux/md.yaml
similarity index 88%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-oracle-linux/md.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-oracle-linux/md.yaml
index 2b851fe7..f60187c2 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-oracle-linux/md.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-oracle-linux/md.yaml
@@ -1,4 +1,4 @@ -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 kind: OCIMachineTemplate metadata: name: "${CLUSTER_NAME}-md-0"
diff --git a/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/cluster.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/cluster.yaml
new file mode 100644
index 00000000..9cbbd827
--- /dev/null
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/cluster.yaml
@@ -0,0 +1,327 @@ +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: OCICluster +metadata: + name: "${CLUSTER_NAME}" +spec: + region: "${OCI_ALTERNATIVE_REGION}" + networkSpec: + vcnPeering: + drg: + manage: true + peerRouteRules: + - vcnCIDRRange: "10.0.0.0/16" + remotePeeringConnections: + - managePeerRPC: true + peerDRGId: "${PEER_DRG_ID}" + peerRegionName: "${PEER_REGION_NAME}" + vcn: + cidr: "10.1.0.0/16" + networkSecurityGroup: + list: + - egressRules: + - egressRule: + description: Kubernetes API traffic to Control Plane + destination: 10.1.0.0/29 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + ingressRules: + - ingressRule: + description: External access to Kubernetes API endpoint + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + name: control-plane-endpoint + role: control-plane-endpoint + - egressRules: + - egressRule: + description: Control Plane access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + ingressRules: + - ingressRule: + description: Kubernetes API endpoint to Control Plane(apiserver port) + communication + isStateless: false + protocol: "6" + source: 10.1.0.8/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Control plane node to Control Plane(apiserver port) communication + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: Worker Node to Control Plane(apiserver port) communication + isStateless: false + protocol: "6" + source: 
10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 6443 + min: 6443 + - ingressRule: + description: etcd client communication + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 2379 + min: 2379 + - ingressRule: + description: etcd peer + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 2380 + min: 2380 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Inbound SSH traffic to Control Plane + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 22 + min: 22 + name: control-plane + role: control-plane + - egressRules: + - egressRule: + description: Worker node access to Internet + destination: 0.0.0.0/0 + destinationType: CIDR_BLOCK + isStateless: false + protocol: all + ingressRules: + - ingressRule: + description: Inbound SSH traffic to worker node + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: 
+ max: 22 + min: 22 + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Control Plane to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Worker node to worker node Kubelet Communication + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 10250 + min: 10250 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking (BGP) + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 179 + min: 179 + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 10.1.0.0/29 + sourceType: CIDR_BLOCK + - ingressRule: + description: Calico networking with IP-in-IP enabled + isStateless: false + protocol: "4" + source: 11.0.64.0/20 + sourceType: CIDR_BLOCK + - ingressRule: + description: Worker node to default NodePort ingress communication + isStateless: false + protocol: "6" + source: 10.1.64.0/20 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + name: worker + role: worker + - egressRules: + - egressRule: + description: Service LoadBalancer to default NodePort egress communication + destination: 10.1.64.0/20 + destinationType: CIDR_BLOCK + isStateless: false + protocol: "6" + tcpOptions: + destinationPortRange: + max: 32767 + min: 30000 + ingressRules: + - ingressRule: + description: Path discovery + icmpOptions: + code: 3 + type: 3 + 
isStateless: false + protocol: "1" + source: 10.1.0.0/16 + sourceType: CIDR_BLOCK + - ingressRule: + description: Accept http traffic on port 80 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 80 + min: 80 + - ingressRule: + description: Accept https traffic on port 443 + isStateless: false + protocol: "6" + source: 0.0.0.0/0 + sourceType: CIDR_BLOCK + tcpOptions: + destinationPortRange: + max: 443 + min: 443 + name: service-lb + role: service-lb + subnets: + - cidr: 10.1.0.8/29 + name: control-plane-endpoint + role: control-plane-endpoint + type: private + - cidr: 10.1.0.0/29 + name: control-plane + role: control-plane + type: private + - cidr: 10.1.0.32/27 + name: service-lb + role: service-lb + type: public + - cidr: 10.1.64.0/20 + name: worker + role: worker + type: private +--- +--- +kind: OCIMachineTemplate +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + template: + spec: + imageId: "${OCI_ALTERNATIVE_REGION_IMAGE_ID}" \ No newline at end of file diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/kustomization.yaml similarity index 81% rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/kustomization.yaml rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/kustomization.yaml index 0df37069..0ac5a9be 100644 --- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-remote-vcn-peering/kustomization.yaml +++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/kustomization.yaml @@ -1,7 +1,7 @@ bases: - ../bases/cluster.yaml - ../bases/md.yaml - - ../bases/ccm.yaml + - ../../bases/ccm.yaml patchesStrategicMerge: - ./cluster.yaml - ./md.yaml 
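Review bot: The worker NSG's second "Calico networking with IP-in-IP enabled" ingress rule uses `source: 11.0.64.0/20`, an address range that belongs neither to this VCN (`10.1.0.0/16`) nor to the peered range (`10.0.0.0/16`), while every other worker-to-worker rule in this file uses the worker subnet `10.1.64.0/20`, so this reads as a typo carried into the new fixture. As written the NSG does not admit worker-to-worker IP-in-IP (protocol 4) traffic and instead holds a dead rule for an unrelated range; `source: 10.1.64.0/20` restores the intended scope. Separately, both the control-plane and worker NSGs accept SSH (port 22) from `0.0.0.0/0`; the subnets are `type: private`, so reachability is bounded by the DRG/peering routes, but narrowing the source to an operator CIDR (or omitting the rule in test data) would be tighter, hedged because the e2e harness may depend on it. The doubled `---` before the OCIMachineTemplate also produces an empty YAML document between the two objects; dropping one separator avoids relying on kustomize tolerating it.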
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-alternative-region/md.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/md.yaml
similarity index 73%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-alternative-region/md.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/md.yaml
index 58e932bb..546f401e 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-alternative-region/md.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-remote-vcn-peering/md.yaml
@@ -1,4 +1,4 @@
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-0"
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-windows-calico/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-windows-calico/kustomization.yaml
similarity index 64%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-windows-calico/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-windows-calico/kustomization.yaml
index d1f72456..e0094999 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-windows-calico/kustomization.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-windows-calico/kustomization.yaml
@@ -1,7 +1,7 @@
 bases:
 - ../bases/cluster.yaml
 - ../bases/md.yaml
- - ../bases/crs.yaml
- - ../bases/ccm.yaml
+ - ../../bases/crs.yaml
+ - ../../bases/ccm.yaml
 patchesStrategicMerge:
 - ./md.yaml
\ No newline at end of file
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-windows-calico/md.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-windows-calico/md.yaml
similarity index 96%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template-windows-calico/md.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template-windows-calico/md.yaml
index 9f291624..b6f1cf59 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template-windows-calico/md.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template-windows-calico/md.yaml
@@ -1,4 +1,4 @@
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: OCIMachineTemplate
 metadata:
 name: "${CLUSTER_NAME}-md-0"
diff --git a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template/kustomization.yaml b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template/kustomization.yaml
similarity index 52%
rename from test/e2e/data/infrastructure-oci/v1beta1/cluster-template/kustomization.yaml
rename to test/e2e/data/infrastructure-oci/v1beta2/cluster-template/kustomization.yaml
index 535ce82f..0807b5a4 100644
--- a/test/e2e/data/infrastructure-oci/v1beta1/cluster-template/kustomization.yaml
+++ b/test/e2e/data/infrastructure-oci/v1beta2/cluster-template/kustomization.yaml
@@ -1,5 +1,5 @@
 bases:
 - ../bases/cluster.yaml
 - ../bases/md.yaml
-- ../bases/crs.yaml
-- ../bases/ccm.yaml
\ No newline at end of file
+- ../../bases/crs.yaml
+- ../../bases/ccm.yaml
\ No newline at end of file
diff --git a/test/e2e/data/infrastructure-oci/v1beta2/metadata.yaml b/test/e2e/data/infrastructure-oci/v1beta2/metadata.yaml
new file mode 100644
index 00000000..4bb5b72e
--- /dev/null
+++ b/test/e2e/data/infrastructure-oci/v1beta2/metadata.yaml
@@ -0,0 +1,6 @@
+apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+kind: Metadata
+releaseSeries:
+ - major: 1
+ minor: 0
+ contract: v1beta1
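Review bot: The new `metadata.yaml` declares a single release series (`major: 1`, `minor: 0`, `contract: v1beta1`), and clusterctl matches that series against the provider version the e2e configuration assigns to this `v1beta2` fixture directory; `test/e2e/config/e2e_conf.yaml` is changed in this commit but not visible here, so please confirm the version it lists falls in the 1.0.x series, otherwise clusterctl will presumably have no contract to map the provider to. Because the directory is named after the infrastructure API version while the file records the CAPI core contract, a one-line comment such as `# contract is the CAPI core contract, not the infrastructure API version (v1beta2)` above `releaseSeries:` would stop a future reader from "correcting" it.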